Home/Network IDS rules
IDS / IPS

Network IDS rules

240 rules · linked to T1102 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

40 shown of 240
et-open misc-activity
ET INFO DNS Query for Webhook/HTTP Request Inspection Service (hookbin .com)
sid 2067044 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (webhookinbox .com) in TLS SNI
sid 2067045 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (hookdeck .com) in TLS SNI
sid 2067046 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (requestcatcher .com) in TLS SNI
sid 2067047 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (webhookrelay .com) in TLS SNI
sid 2067048 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (mockly .me) in TLS SNI
sid 2067049 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (emailhook .site) in TLS SNI
sid 2067050 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (postb .in) in TLS SNI
sid 2067051 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (dnshook .site) in TLS SNI
sid 2067052 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (webhook .cool) in TLS SNI
sid 2067053 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (putsreq .com) in TLS SNI
sid 2067054 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (webhooklistener .cloud) in TLS SNI
sid 2067055 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (pipedream .com) in TLS SNI
sid 2067056 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (webhookcatcher .com) in TLS SNI
sid 2067057 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (webhook-test .com) in TLS SNI
sid 2067058 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (mockoon .app) in TLS SNI
sid 2067059 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (webhook .site) in TLS SNI
sid 2067060 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (svix .com) in TLS SNI
sid 2067061 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (wiremock .cloud) in TLS SNI
sid 2067062 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (webhookapp .dev) in TLS SNI
sid 2067063 format suricata
et-open misc-activity
ET INFO Observed Webhook/HTTP Request Inspection Service Domain (hookbin .com) in TLS SNI
sid 2067064 format suricata
et-open misc-activity
ET INFO Moltbook Domain (moltbook .com) in DNS Lookup
sid 2067247 format suricata
et-open misc-activity
ET INFO Observed Moltbook Domain (moltbook .com) in TLS SNI
sid 2067248 format suricata
et-open trojan-activity
ET INFO Moltbook AI Agent Registration Attempt
sid 2067249 format suricata
et-open trojan-activity
ET INFO Moltbook skill.md request
sid 2067250 format suricata
et-open trojan-activity
ET INFO Moltbook messaging.md request
sid 2067253 format suricata
et-open trojan-activity
ET INFO Moltbook heartbeat.md request
sid 2067258 format suricata
et-open trojan-activity
ET INFO Moltbook skill.json request
sid 2067259 format suricata
et-open social-engineering
ET MALWARE upStage Payload Delivery Domain (7zip .cloud) in DNS Lookup
sid 2067628 format suricata
et-open social-engineering
ET MALWARE Observed upStage Payload Delivery Domain (7zip .cloud) in TLS SNI
sid 2067629 format suricata
et-open misc-activity
ET INFO Abused File Sharing Domain in DNS Lookup (x0 .at)
sid 2068667 format suricata
et-open misc-activity
ET INFO Observed Abused File Sharing Domain (x0 .at in TLS SNI)
sid 2068668 format suricata
et-open misc-activity
ET INFO Pastebin-Like Service Domain in DNS Lookup (paste .kealper .com)
sid 2068685 format suricata
et-open misc-activity
ET INFO Pastebin-Like Service Domain in DNS Lookup (chiaselinks .com)
sid 2068686 format suricata
et-open misc-activity
ET INFO Pastebin-Like Service Domain in DNS Lookup (snippet .host)
sid 2068687 format suricata
et-open misc-activity
ET INFO Pastebin-Like Service Domain in DNS Lookup (rlim .com)
sid 2068688 format suricata
et-open misc-activity
ET INFO Observed Pastebin-Like Service Domain (paste .kealper .com in TLS SNI)
sid 2068689 format suricata
et-open misc-activity
ET INFO Observed Pastebin-Like Service Domain (chiaselinks .com in TLS SNI)
sid 2068690 format suricata
et-open misc-activity
ET INFO Observed Pastebin-Like Service Domain (snippet .host in TLS SNI)
sid 2068691 format suricata
et-open misc-activity
ET INFO Observed Pastebin-Like Service Domain (rlim .com in TLS SNI)
sid 2068692 format suricata
Showing 201-240 of 240
Prev 5 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin