Home/Network IDS rules
IDS / IPS

Network IDS rules

6,117 rules · linked to T1071 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 6,117
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027011 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027012 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027014 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027015 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027016 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027017 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027018 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027019 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027020 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)
sid 2027022 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT32 JEShell CnC)
sid 2027068 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (CobaltStrike CnC)
sid 2027082 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Gozi CnC)
sid 2027086 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Gootkit CnC)
sid 2027101 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ShadowHammer CnC)
sid 2027116 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Gozi CnC)
sid 2027157 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup Android CnC)
sid 2027195 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
sid 2027214 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
sid 2027215 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
sid 2027216 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Unattributed CnC)
sid 2027221 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup Stage 2 CnC)
sid 2027297 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
sid 2027298 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Mirrortheif group)
sid 2027322 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MirrorThief CnC)
sid 2027355 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (FIN8 ShellTea CnC)
sid 2027463 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (FIN8 ShellTea CnC)
sid 2027464 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
sid 2027472 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
sid 2027474 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
sid 2027475 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (IcedID CnC)
sid 2027485 format suricata
et-open targeted-activity
ET MALWARE Observed Turla Domain (vision2030 .tk in TLS SNI)
sid 2027501 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
sid 2027619 format suricata
et-open trojan-activity
ET MALWARE Observed Godlua Backdoor Domain (d .heheda .tk in TLS SNI)
sid 2027664 format suricata
et-open trojan-activity
ET MALWARE Observed Godlua Backdoor Domain (c .heheda .tk in TLS SNI)
sid 2027665 format suricata
et-open targeted-activity
ET MALWARE Observed Turla/APT34 CnC Domain Domain (dubaiexpo2020 .cf in TLS SNI)
sid 2027669 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
sid 2027687 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
sid 2027688 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
sid 2027740 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Various CnC)
sid 2027753 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC)
sid 2027799 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Various CnC)
sid 2027800 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Various CnC)
sid 2027801 format suricata
et-open command-and-control
ET MALWARE Observed Glupteba CnC Domain (venoxcontrol .com in TLS SNI)
sid 2027946 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
sid 2028566 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
sid 2028567 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Sidewinder CnC)
sid 2028568 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
sid 2028584 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-09-17 1)
sid 2028596 format suricata
et-open domain-c2
ET MALWARE Observed OSX/GMERA.A CnC Domain (appstockfolio .com in TLS SNI)
sid 2028619 format suricata
Showing 101-150 of 6,117
Prev 3 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin