Home/Network IDS rules
IDS / IPS

Network IDS rules

926 rules · linked to T1041 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 926
et-open command-and-control
ET MALWARE W32/Symmi.46846 CnC Beacon
sid 2019948 format suricata
et-open command-and-control
ET MOBILE_MALWARE CoolReaper CnC Beacon 2
sid 2019959 format suricata
et-open command-and-control
ET MALWARE Tendrit CnC Beacon 1
sid 2019985 format suricata
et-open command-and-control
ET MALWARE Tendrit CnC Beacon 2
sid 2019986 format suricata
et-open command-and-control
ET MALWARE Hong Kong SWC Attack PcClient CnC Beacon
sid 2020169 format suricata
et-open command-and-control
ET MALWARE W32/Adrom.Backdoor CnC Beacon
sid 2020293 format suricata
et-open command-and-control
ET MALWARE Dridex POST CnC Beacon 2
sid 2020301 format suricata
et-open command-and-control
ET MALWARE MSIL/Agent.PYO Possible net.tcp CnC Beacon (stat)
sid 2020336 format suricata
et-open command-and-control
ET MALWARE MSIL/Agent.PYO Possible net.tcp CnC Beacon (control)
sid 2020337 format suricata
et-open trojan-activity
ET MOBILE_MALWARE Android Syria-Twitter Checkin
sid 2020343 format suricata
et-open command-and-control
ET MOBILE_MALWARE Android/SMSThief.F Banker CnC Beacon
sid 2020353 format suricata
et-open trojan-activity
ET MOBILE_MALWARE Operation Pawn Storm IOS_XAGENT Checkin
sid 2020363 format suricata
et-open targeted-activity
ET MALWARE Carbanak APT CnC Beacon 1
sid 2020455 format suricata
et-open targeted-activity
ET MALWARE Carbanak APT CnC Beacon 2
sid 2020456 format suricata
et-open command-and-control
ET MALWARE SuperFish CnC Beacon 1
sid 2020489 format suricata
et-open command-and-control
ET MALWARE SuperFish CnC Beacon 2
sid 2020490 format suricata
et-open command-and-control
ET MALWARE Win32/HydraCrypt CnC Beacon 3
sid 2020503 format suricata
et-open command-and-control
ET MALWARE Win32/LockScreen CnC Beacon 2
sid 2020504 format suricata
et-open pup-activity
ET ADWARE_PUP W32/WinWrapper.Adware Initial Install Beacon
sid 2020627 format suricata
et-open pup-activity
ET ADWARE_PUP MALWARE W32/WinWrapper.Adware POST CnC Beacon
sid 2020628 format suricata
et-open command-and-control
ET MALWARE Win32/Trapwot FakeAV Post Infection CnC Beacon
sid 2020645 format suricata
et-open pup-activity
ET ADWARE_PUP Potentially Unwanted Application AirInstaller CnC Beacon
sid 2020701 format suricata
et-open command-and-control
ET MALWARE FakeAV Variant CnC Beacon
sid 2020706 format suricata
et-open command-and-control
ET MALWARE Win32/Teslacrypt Ransomware HTTP CnC Beacon M1
sid 2020717 format suricata
et-open command-and-control
ET MALWARE Win32/Teslacrypt Ransomware HTTP CnC Beacon M2
sid 2020718 format suricata
et-open command-and-control
ET MALWARE KeyLogger related to FindPOS CnC Beacon
sid 2020724 format suricata
et-open command-and-control
ET MALWARE Fileless infection dropped by EK CnC Beacon
sid 2020734 format suricata
et-open command-and-control
ET MALWARE Win32/TrojanProxy.JpiProx.B CnC Beacon 1
sid 2020737 format suricata
et-open command-and-control
ET MALWARE Win32/TrojanProxy.JpiProx.B CnC Beacon 2
sid 2020738 format suricata
et-open command-and-control
ET MALWARE Volatile Cedar Win32.Explosive CnC Beacon 3
sid 2020809 format suricata
et-open command-and-control
ET MALWARE Volatile Cedar Win32.Explosive HTTP CnC Beacon 1
sid 2020812 format suricata
et-open command-and-control
ET MALWARE Volatile Cedar Win32.Explosive HTTP CnC Beacon 1
sid 2020813 format suricata
et-open command-and-control
ET MALWARE Win32/Hyteod CnC Beacon
sid 2020821 format suricata
et-open command-and-control
ET MALWARE Win32/Injector.BXEW Variant HTTP CnC Beacon 1
sid 2020833 format suricata
et-open command-and-control
ET MALWARE Win32/Injector.BXEW Variant HTTP CnC Beacon 2
sid 2020834 format suricata
et-open command-and-control
ET MALWARE Win32/Injector.BXEW Variant HTTP CnC Beacon 3
sid 2020835 format suricata
et-open command-and-control
ET MALWARE Operation Buhtrap CnC Beacon 2
sid 2020891 format suricata
et-open command-and-control
ET MALWARE LankerBoy HTTP CnC Beacon
sid 2020902 format suricata
et-open command-and-control
ET MALWARE CoinVault CnC Beacon M1
sid 2020907 format suricata
et-open command-and-control
ET MALWARE CoinVault CnC Beacon M2
sid 2020908 format suricata
et-open command-and-control
ET MALWARE W32/Farfli.BHQ!tr Dropper CnC Beacon 2
sid 2020913 format suricata
et-open command-and-control
ET MALWARE FighterPOS CnC Beacon 1
sid 2020918 format suricata
et-open command-and-control
ET MALWARE FighterPOS CnC Beacon 2
sid 2020919 format suricata
et-open command-and-control
ET MALWARE Sysget/HelloBridge HTTP GET CnC Beacon
sid 2020921 format suricata
et-open command-and-control
ET MALWARE Zacom/NFlog HTTP POST Fake UA CnC Beacon
sid 2020925 format suricata
et-open command-and-control
ET MALWARE Dalexis CnC Beacon
sid 2020933 format suricata
et-open command-and-control
ET MALWARE PunkeyPOS HTTP CnC Beacon Fake UA
sid 2020934 format suricata
et-open command-and-control
ET MALWARE PunkeyPOS HTTP CnC Beacon 1
sid 2020935 format suricata
et-open command-and-control
ET MALWARE PunkeyPOS HTTP CnC Beacon 2
sid 2020936 format suricata
et-open command-and-control
ET MALWARE PunkeyPOS HTTP CnC Beacon 3
sid 2020937 format suricata
Showing 151-200 of 926
Prev 4 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin