Network IDS rules

87 rules · linked to T1587 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire.

Rules

37 shown of 87
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart)
sid 2029572 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2029603 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2029612 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2029614 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Win32/SandCat CnC)
sid 2029642 format suricata
sid 2029922 format suricata
sid 2030030 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (W32/TrojanDownloader.Agent.FBF Variant CnC)
sid 2030046 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
sid 2030330 format suricata
sid 2030414 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
sid 2030455 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
sid 2030460 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
sid 2030466 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Zeromax Stealer CnC)
sid 2030475 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Zloader CnC)
sid 2030486 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
sid 2030627 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AnubisStealer CnC)
sid 2030729 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
sid 2030841 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Baka Skimmer Staging CnC)
sid 2030844 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
sid 2030867 format suricata
sid 2030966 format suricata
sid 2030971 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Strongpity CnC)
sid 2030982 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AsyncRAT CnC)
sid 2031059 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
sid 2031119 format suricata
sid 2031236 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Lazarus APT MalDoc 2020-11-30)
sid 2031240 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (NHS UK Covid Passport Phish)
sid 2033286 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Maldoc/Zloader CnC)
sid 2033318 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL/TLS Certificate (APT-C-55/BabyShark Staging Domain)
sid 2036888 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL/TLS Certificate (SilentLibrarian)
sid 2037075 format suricata
sid 2063040 format suricata
sid 2063041 format suricata
sid 2063042 format suricata
sid 2063043 format suricata
Showing 51-87 of 87
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin