Home/Network IDS rules
IDS / IPS

Network IDS rules

279 rules · linked to T1486 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

29 shown of 279
et-open trojan-activity
ET MALWARE BleachGap Ransomware Checkin (POST)
sid 2033902 format suricata
et-open trojan-activity
ET MALWARE Win32/Limbozar Ransomware Activity (POST)
sid 2034195 format suricata
et-open command-and-control
ET MALWARE slock Ransomware CnC Activity
sid 2034291 format suricata
et-open command-and-control
ET MALWARE Ransomware.Hidden-Tear Variant CnC Checkin
sid 2034675 format suricata
et-open command-and-control
ET MALWARE MSIL/Khonsri Ransomware CnC Activity
sid 2034723 format suricata
et-open trojan-activity
ET MALWARE Loki Locker Ransomware CnC Activity
sid 2035509 format suricata
et-open trojan-activity
ET MALWARE Loki Locker Ransomware Server Response (Public Key) M1
sid 2035512 format suricata
et-open trojan-activity
ET MALWARE Loki Locker Ransomware Server Response (Public Key) M2
sid 2035513 format suricata
et-open trojan-activity
ET MALWARE Snatch Ransomware Checkin (POST)
sid 2035898 format suricata
et-open domain-c2
ET MALWARE BlackCat Ransomware Related Domain in DNS Lookup (updatedaemon .com)
sid 2036313 format suricata
et-open domain-c2
ET MALWARE Observed BlackCat Ransomware Related SSL Cert (updatedaemon .com)
sid 2036314 format suricata
et-open trojan-activity
ET MALWARE Win32/Wacatac Ransomware Variant Retrieving File (GET)
sid 2037129 format suricata
et-open trojan-activity
ET MALWARE Win32/Atomsilo Ransomware Activity (POST)
sid 2038577 format suricata
et-open trojan-activity
ET MALWARE Blackmagic Ransomware Checkin Activity (GET)
sid 2041453 format suricata
et-open trojan-activity
ET MALWARE 7ev3n Ransomware Related Activity (GET)
sid 2042767 format suricata
et-open trojan-activity
ET MALWARE Linux DarkRadiation Ransomware Telegram Activity M1
sid 2044615 format suricata
et-open trojan-activity
ET MALWARE Linux DarkRadiation Ransomware Telegram Activity M2
sid 2044616 format suricata
et-open trojan-activity
ET MALWARE Possible Linux DarkRadiation Ransomware Telegram Activity
sid 2044618 format suricata
et-open trojan-activity
ET MALWARE Linux DarkRadiation Ransomware Telegram Activity M3
sid 2044619 format suricata
et-open command-and-control
ET MALWARE Possible Lockbit CnC Checkin
sid 2045316 format suricata
et-open command-and-control
ET MALWARE [ANY.RUN] RCRU64 Ransomware Variant CnC Activity
sid 2045821 format suricata
et-open trojan-activity
ET MALWARE Observed BlackDolphin Ransomware Builder Cookie
sid 2048392 format suricata
et-open trojan-activity
ET MALWARE BlackDolphin Ransomware Builder Landing Page M2
sid 2048393 format suricata
et-open trojan-activity
ET MALWARE BlackDolphin Ransomware Builder Landing Page M3
sid 2048394 format suricata
et-open trojan-activity
ET MALWARE BlackDolphin Ransomware Builder Landing Page M4
sid 2048395 format suricata
et-open trojan-activity
ET MALWARE BlackDolphin Ransomware Builder Landing Page M1
sid 2048396 format suricata
et-open trojan-activity
ET MALWARE Prince Ransomware GET Wallpaper M1
sid 2064816 format suricata
et-open trojan-activity
ET MALWARE Prince Ransomware GET Wallpaper M2
sid 2064817 format suricata
et-open trojan-activity
ET MALWARE Prince Ransomware GET Wallpaper M3
sid 2064818 format suricata
Showing 251-279 of 279
Prev 6 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin