Home/Network IDS rules
IDS / IPS

Network IDS rules

6,117 rules · linked to T1071 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 6,117
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
sid 2029502 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
sid 2029504 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
sid 2029506 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
sid 2029507 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
sid 2029508 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029510 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029511 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029512 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029513 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029514 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029515 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029516 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029517 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029518 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029519 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029520 format suricata
et-open domain-c2
ET MALWARE Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI
sid 2029521 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (PHPs Labyrinth Stage1 CnC)
sid 2029522 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)
sid 2029524 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21)
sid 2029525 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21 2)
sid 2029526 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MalDoc DL 2020-02-21 3)
sid 2029527 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
sid 2029528 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
sid 2029537 format suricata
et-open domain-c2
ET MALWARE Observed Ursnif Domain in TLS SNI
sid 2029547 format suricata
et-open domain-c2
ET MALWARE Observed Ursnif Domain in TLS SNI
sid 2029548 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
sid 2029555 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)
sid 2029556 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)
sid 2029557 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (SmokeLoader CnC)
sid 2029558 format suricata
et-open domain-c2
ET MALWARE Observed GoBotKR Domain in TLS SNI
sid 2029561 format suricata
et-open domain-c2
ET MALWARE Observed GoBotKR Domain in TLS SNI
sid 2029562 format suricata
et-open domain-c2
ET MALWARE Observed GoBotKR Domain in TLS SNI
sid 2029563 format suricata
et-open domain-c2
ET MALWARE Observed GoBotKR Domain in TLS SNI
sid 2029564 format suricata
et-open domain-c2
ET MALWARE Observed GoBotKR Domain in TLS SNI
sid 2029565 format suricata
et-open domain-c2
ET MALWARE Observed Magecart Domain (webscriptly .com in TLS SNI)
sid 2029567 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
sid 2029568 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MageCart)
sid 2029571 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MonetizUs/LNKR)
sid 2029594 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MonetizUs/LNKR)
sid 2029595 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (MalDoc 2020-03-09)
sid 2029596 format suricata
et-open domain-c2
ET MALWARE Observed JS/Skimmer (likely Magecart) Domain in TLS SNI (imprintcenter .com)
sid 2029598 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2029602 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2029604 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2029605 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2029610 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2029611 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (ServHelper CnC)
sid 2029613 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)
sid 2029639 format suricata
et-open domain-c2
ET MALWARE Observed Malicious SSL Cert (Get2 CnC)
sid 2029648 format suricata
Showing 251-300 of 6,117
Prev 6 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin