Home/Network IDS rules
IDS / IPS

Network IDS rules

279 rules · linked to T1486 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 279
et-open trojan-activity
ET MALWARE BKransomware Domain (3whyfziey2vr41yq in DNS Lookup)
sid 2025559 format suricata
et-open trojan-activity
ET MALWARE Iron Ransomware Domain (y5mogzal2w25p6bn .ml in DNS Lookup)
sid 2025567 format suricata
et-open command-and-control
ET MALWARE Aurora/OneKeyLocker Ransomware CnC Checkin
sid 2025586 format suricata
et-open command-and-control
ET MALWARE [PTsecurity] Donut Ransomware CnC Checkin
sid 2025595 format suricata
et-open command-and-control
ET MALWARE [eSentire] Win32/GandCrab v4/5 Ransomware CnC Activity
sid 2025638 format suricata
et-open command-and-control
ET MALWARE Aurora Ransomware CnC Checkin
sid 2025931 format suricata
et-open command-and-control
ET MALWARE Win32/Aura Ransomware CnC Activity
sid 2026099 format suricata
et-open trojan-activity
ET MALWARE Kraken Ransomware End Activity
sid 2026473 format suricata
et-open trojan-activity
ET MALWARE [PTsecurity] WeChat (Ransomware/Stealer) HttpHeader
sid 2026688 format suricata
et-open command-and-control
ET MALWARE ELF/Win32 Lucky Ransomware CnC Checkin
sid 2026725 format suricata
et-open policy-violation
ET MALWARE Observed CDC Ransomware User-Agent
sid 2026893 format suricata
et-open trojan-activity
ET MALWARE Shade Ransomware Payment Domain in DNS Lookup
sid 2027379 format suricata
et-open trojan-activity
ET MALWARE Maze/ID Ransomware Activity
sid 2027392 format suricata
et-open trojan-activity
ET MALWARE Observed Buran Ransomware UA (BURAN)
sid 2027443 format suricata
et-open trojan-activity
ET MALWARE Observed Buran Ransomware UA (GHOST)
sid 2027444 format suricata
et-open trojan-activity
ET MALWARE Buran Ransomware Activity M1
sid 2027446 format suricata
et-open trojan-activity
ET MALWARE LooCipher Ransomware Onion Domain
sid 2027754 format suricata
et-open trojan-activity
ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M1
sid 2027913 format suricata
et-open trojan-activity
ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M2
sid 2027914 format suricata
et-open trojan-activity
ET MALWARE HTTP Request for Possible ELF/LiLocked Ransomware Note
sid 2027967 format suricata
et-open unknown
ET JA3 Hash - [Abuse.ch] Possible Troldesh Ransomware
sid 2028760 format suricata
et-open unknown
ET JA3 Hash - [Abuse.ch] Possible Ransomware
sid 2028809 format suricata
et-open command-and-control
ET MALWARE Win32/AnteFrigus Ransomware Activity
sid 2028966 format suricata
et-open command-and-control
ET MALWARE Observed Buran Ransomware UA
sid 2028991 format suricata
et-open trojan-activity
ET MALWARE Cyborg Ransomware - Downloading Desktop Background
sid 2029052 format suricata
et-open command-and-control
ET MALWARE Observed Buran Ransomware UA
sid 2029101 format suricata
et-open command-and-control
ET MALWARE Win32/Snatch Ransomware - Encryption Started
sid 2029103 format suricata
et-open command-and-control
ET MALWARE ShivaGood Ransomware CnC Checkin
sid 2029177 format suricata
et-open command-and-control
ET MALWARE Observed Buran Ransomware UA
sid 2029220 format suricata
et-open command-and-control
ET MALWARE Zeoticus Ransomware CnC Activity
sid 2029231 format suricata
et-open command-and-control
ET MALWARE Mermaid Ransomware Variant CnC Activity M1
sid 2029234 format suricata
et-open command-and-control
ET MALWARE Magician/M461c14n Ransomware CnC Checkin
sid 2029237 format suricata
et-open command-and-control
ET MALWARE Satan/5ss5c Ransomware CnC Activity
sid 2029269 format suricata
et-open command-and-control
ET MALWARE Nemty Ransomware CnC Checkin
sid 2029290 format suricata
et-open trojan-activity
ET MALWARE Nemty Ransomware Payment Page ID File Upload
sid 2029292 format suricata
et-open command-and-control
ET MALWARE Mermaid Ransomware Variant CnC Activity M2
sid 2029320 format suricata
et-open command-and-control
ET MALWARE Mermaid Ransomware Variant CnC Activity M3
sid 2029321 format suricata
et-open command-and-control
ET MALWARE CryptoPatronum Ransomware CnC Checkin
sid 2029349 format suricata
et-open command-and-control
ET MALWARE Mermaid Ransomware Variant CnC Activity M4
sid 2029496 format suricata
et-open command-and-control
ET MALWARE Baraka Ransomware CnC activity email SMTP
sid 2029552 format suricata
et-open command-and-control
ET MALWARE Magniber Ransomware Retrieving Instructions
sid 2029579 format suricata
et-open domain-c2
ET MALWARE Magniber Ransomware CnC Domain in DNS Lookup
sid 2029580 format suricata
et-open domain-c2
ET MALWARE Magniber Ransomware CnC Domain in DNS Lookup
sid 2029581 format suricata
et-open command-and-control
ET MALWARE PXJ Ransomware CnC Activity
sid 2029615 format suricata
et-open trojan-activity
ET MALWARE [PTsecurity] MZRevenge Ransomware Server Response
sid 2029644 format suricata
et-open trojan-activity
ET MALWARE MZRevenge Ransomware CnC
sid 2029647 format suricata
et-open command-and-control
ET MALWARE Sekhmet Ransomware CnC Activity
sid 2029728 format suricata
et-open command-and-control
ET MALWARE MSIL/n2019cov (COVID-19) Ransomware CnC Checkin
sid 2029736 format suricata
et-open domain-c2
ET MALWARE Observed DNS Query to Redkeeper Ransomware Domain
sid 2029898 format suricata
et-open trojan-activity
ET MALWARE Various Ransomware/Stealer Style External IP Address Check (myip .ch)
sid 2029933 format suricata
Showing 151-200 of 279
Prev 4 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin