IDS / IPS

Network IDS rules

6,117 rules · linked to T1071 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire.

Rules

50 shown of 6,117
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
sid 2028624 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DeadlyKiss APT)
sid 2028626 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-07
sid 2028652 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03
sid 2028653 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-03
sid 2028654 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-02
sid 2028655 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-01
sid 2028656 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-09-30
sid 2028657 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) in SNI 2019-09-27
sid 2028659 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08
sid 2028672 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08
sid 2028673 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT MustangPanda CnC)
sid 2028824 format suricata
sid 2028827 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Staging Domain)
sid 2028835 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
sid 2028893 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC Server) 2019-10-08
sid 2028894 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT32 CnC)
sid 2028898 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (CobInt CnC)
sid 2028905 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MalDoc DL) 2019-10-24
sid 2028911 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Turla CnC)
sid 2028944 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Possible APT33 CnC)
sid 2028968 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2019-11-15)
sid 2028985 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)
sid 2028986 format suricata
et-open domain-c2
ET MALWARE Observed CobInt CnC Domain in TLS SNI
sid 2028987 format suricata
et-open domain-c2
ET MALWARE Observed CobInt CnC Domain in TLS SNI
sid 2028988 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AZORult CnC) 2019-11-18
sid 2029001 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
sid 2029004 format suricata
sid 2029005 format suricata
sid 2029006 format suricata
sid 2029007 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)
sid 2029047 format suricata
sid 2029048 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Possible Godlua CnC)
sid 2029050 format suricata
sid 2029084 format suricata
sid 2029085 format suricata
sid 2029087 format suricata
sid 2029088 format suricata
sid 2029089 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart)
sid 2029102 format suricata
sid 2029116 format suricata
sid 2029117 format suricata
sid 2029118 format suricata
sid 2029120 format suricata
et-open domain-c2
ET MALWARE Malicious SSL Cert (Magecart)
sid 2029128 format suricata
sid 2029130 format suricata
sid 2029131 format suricata
sid 2029132 format suricata
sid 2029133 format suricata
sid 2029135 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Sidewinder APT CnC)
sid 2029182 format suricata
Showing 151-200 of 6,117
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin