Home/Network IDS rules
IDS / IPS

Network IDS rules

279 rules · linked to T1486 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 279
et-open command-and-control
ET MALWARE Ragnarok Ransomware CnC Activity M1
sid 2030116 format suricata
et-open command-and-control
ET MALWARE Ragnarok Ransomware CnC Activity M2
sid 2030117 format suricata
et-open trojan-activity
ET MALWARE MAZE Ransomware Payment Domain in DNS Lookup
sid 2030133 format suricata
et-open trojan-activity
ET MALWARE MAZE Ransomware Payment Domain DNS Lookup
sid 2030134 format suricata
et-open bad-unknown
ET POLICY MAZE Ransomware Victim Publishing Site DNS Lookup (mazenews .top)
sid 2030135 format suricata
et-open bad-unknown
ET POLICY MAZE Ransomware Victim Publishing Site DNS Lookup (newsmaze .top)
sid 2030136 format suricata
et-open trojan-activity
ET MALWARE Hakbit/Thanos Ransomware Exfil via FTP
sid 2030156 format suricata
et-open policy-violation
ET POLICY NEPHILIM Ransomware Victim Publishing Site DNS Lookup (corpleaks .net)
sid 2030161 format suricata
et-open policy-violation
ET POLICY NEPHILIM Ransomware Victim Publishing Site DNS Lookup (hxt254aygrsziejn .onion) DNS Lookup
sid 2030162 format suricata
et-open bad-unknown
ET INFO HTTP Request to Lockbit Ransomware Payment Domain
sid 2030166 format suricata
et-open command-and-control
ET MALWARE BigLock Ransomware CnC Activity (info)
sid 2030182 format suricata
et-open command-and-control
ET MALWARE BigLock Ransomware CnC Activity (ext)
sid 2030185 format suricata
et-open command-and-control
ET MALWARE BigLock Ransomware CnC Activity (name)
sid 2030186 format suricata
et-open command-and-control
ET MOBILE_MALWARE Android/xDrop Ransomware CnC Checkin
sid 2030243 format suricata
et-open trojan-activity
ET MALWARE Observed DNS Query to known Avaddon Ransomware Payment Domain
sid 2030251 format suricata
et-open trojan-activity
ET MALWARE Win32/Avaddon Ransomware Style External IP Address Check
sid 2030253 format suricata
et-open trojan-activity
ET MALWARE Hakbit/Thanos Ransomware BMP Download
sid 2030485 format suricata
et-open trojan-activity
ET MALWARE Suspected Lockscreen Ransomware Activity
sid 2030665 format suricata
et-open command-and-control
ET MALWARE Reimageplus Ransomware Checkin
sid 2030852 format suricata
et-open command-and-control
ET MALWARE Exorcist 2.0 Ransomware CnC Activity
sid 2030906 format suricata
et-open command-and-control
ET MALWARE PS/SunCrypt Ransomware CnC Activity
sid 2030907 format suricata
et-open trojan-activity
ET MALWARE LolliCrypt Ransomware Sending Data to CnC
sid 2031160 format suricata
et-open command-and-control
ET MALWARE Pay2Key Ransomware - Sending RSA Key
sid 2031192 format suricata
et-open command-and-control
ET MALWARE Jasmin Ransomware C2 Checkin
sid 2032010 format suricata
et-open command-and-control
ET MALWARE Possible Ransomware HTTP POST to Onion Link Domain
sid 2032219 format suricata
et-open trojan-activity
ET MALWARE HiddenTears Ransomware Activity (GET)
sid 2032320 format suricata
et-open trojan-activity
ET MALWARE Black KingDom Ransomware Related Activity
sid 2032331 format suricata
et-open trojan-activity
ET MALWARE Win32/MereTam.A Ransomware CnC Init Activity
sid 2032419 format suricata
et-open trojan-activity
ET MALWARE Win32/MereTam.A Ransomware CnC Checkin
sid 2032420 format suricata
et-open command-and-control
ET MALWARE DecryptmyFiles Ransomware CnC (POST)
sid 2032994 format suricata
et-open trojan-activity
ET MALWARE Observed DecryptmyFiles Ransomware User-Agent (uniquesession)
sid 2032995 format suricata
et-open command-and-control
ET MALWARE NightfallGT Discord Nitro Ransomware
sid 2033000 format suricata
et-open command-and-control
ET MALWARE Teslarvng Ransomware CnC Activity M1
sid 2033016 format suricata
et-open command-and-control
ET MALWARE Teslarvng Ransomware CnC Activity M2
sid 2033017 format suricata
et-open command-and-control
ET MALWARE Teslarvng Ransomware CnC Activity M3
sid 2033018 format suricata
et-open trojan-activity
ET MALWARE CNRarypt Ransomware CnC Activity
sid 2033075 format suricata
et-open trojan-activity
ET MALWARE MSIL/NoCry Ransomware Checkin Via Discord
sid 2033099 format suricata
et-open trojan-activity
ET MALWARE Linux DarkRadiation Ransomware Activity (wget)
sid 2033159 format suricata
et-open trojan-activity
ET MALWARE Linux DarkRadiation Ransomware Activity (curl)
sid 2033160 format suricata
et-open trojan-activity
ET MALWARE Linux DarkRadiation Ransomware Activity Attack Check
sid 2033162 format suricata
et-open trojan-activity
ET MALWARE Ransomware Decryptor Domain in DNS Query (decryptor .top)
sid 2033201 format suricata
et-open trojan-activity
ET MALWARE Ransomware Decryptor Domain in DNS Query (decoder .re)
sid 2033202 format suricata
et-open command-and-control
ET MALWARE Mespinoza Ransomware - Pre-Encryption File Exfil to CnC
sid 2033343 format suricata
et-open trojan-activity
ET MALWARE Observed Karen Ransomware CnC Checkin
sid 2033772 format suricata
et-open trojan-activity
ET MALWARE Observed Karen Ransomware Powershell Loader
sid 2033773 format suricata
et-open bad-unknown
ET INFO Lockbit Ransomware Related Domain in DNS Lookup (decoding .at)
sid 2033860 format suricata
et-open bad-unknown
ET INFO Lockbit Ransomware Related Domain in DNS Lookup (bigblog .at)
sid 2033861 format suricata
et-open bad-unknown
ET INFO Lockbit Ransomware Related Domain in DNS Lookup (lockbit-decryptor .com)
sid 2033862 format suricata
et-open bad-unknown
ET INFO Lockbit Ransomware Related Domain in DNS Lookup (lockbit-decryptor .top)
sid 2033863 format suricata
et-open domain-c2
ET MALWARE BlackMatter CnC Domain in DNS Lookup (nowautomation .com)
sid 2033892 format suricata
Showing 201-250 of 279
Prev 5 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin