Home/Network IDS rules
IDS / IPS

Network IDS rules

6,117 rules · linked to T1071 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 6,117
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)
sid 2029184 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Upatre CnC)
sid 2029201 format suricata
et-open domain-c2
ET MALWARE Observed Upatre CnC Domain in TLS SNI
sid 2029202 format suricata
et-open trojan-activity
ET MALWARE Observed Magecart CnC Domain in TLS SNI
sid 2029204 format suricata
et-open domain-c2
ET MALWARE Malicious SSL Cert (Magecart)
sid 2029205 format suricata
et-open domain-c2
ET MALWARE Observed Magecart CnC Domain in TLS SNI
sid 2029225 format suricata
et-open domain-c2
ET MALWARE Observed Magecart CnC Domain in TLS SNI
sid 2029228 format suricata
et-open domain-c2
ET MALWARE Malicious SSL Cert (Magecart)
sid 2029229 format suricata
et-open domain-c2
ET MALWARE Observed Magecart CnC Domain in TLS SNI
sid 2029301 format suricata
et-open domain-c2
ET MALWARE Malicious SSL Cert (Magecart)
sid 2029302 format suricata
et-open domain-c2
ET MALWARE Observed Magecart CnC Domain in TLS SNI
sid 2029304 format suricata
et-open domain-c2
ET MALWARE Malicious SSL Cert (Magecart)
sid 2029305 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ELF/Rekoobe CnC)
sid 2029307 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
sid 2029311 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
sid 2029312 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
sid 2029313 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
sid 2029315 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
sid 2029316 format suricata
et-open domain-c2
ET MALWARE Observed Unk.PowerShell Loader CnC Domain in TLS SNI
sid 2029325 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029354 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029355 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029357 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029358 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029359 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029362 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029363 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029364 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029366 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029367 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029368 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029369 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029370 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029371 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029372 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029374 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029375 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029376 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Charming Kitten Phishing Domain)
sid 2029379 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (APT34 CnC)
sid 2029385 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)
sid 2029386 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
sid 2029388 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
sid 2029389 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
sid 2029391 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)
sid 2029392 format suricata
et-open domain-c2
ET MALWARE Malicious SSL Certificate detected (Patchwork CnC)
sid 2029394 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (TinyNuke Variant CnC) 2020-02-09
sid 2029400 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (FIN7/GRIFFON CnC)
sid 2029449 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (AgentTesla CnC)
sid 2029469 format suricata
et-open domain-c2
ET MALWARE Malicious SSL Certificate detected (Cobalt Strike CnC)
sid 2029491 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart CnC)
sid 2029501 format suricata
Showing 201-250 of 6,117
Prev 5 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin