Home/Network IDS rules
IDS / IPS

Network IDS rules

102 rules · linked to T1001 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 102
et-open misc-activity
ET INFO Adilbo HTML Encoder Observed
sid 2024763 format suricata
et-open command-and-control
ET MALWARE [TGI] Cobalt Strike Malleable C2 Request (O365 Profile)
sid 2028588 format suricata
et-open command-and-control
ET MALWARE [TGI] Cobalt Strike Malleable C2 Response (O365 Profile) M2
sid 2028589 format suricata
et-open command-and-control
ET MALWARE [TGI] Cobalt Strike Malleable C2 Response (YouTube Profile)
sid 2028590 format suricata
et-open command-and-control
ET MALWARE [TGI] Cobalt Strike Malleable C2 Request (YouTube Profile)
sid 2028591 format suricata
et-open command-and-control
ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)
sid 2028831 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 Request (Stackoverflow Profile)
sid 2029381 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Havex APT)
sid 2029740 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Magnitude EK)
sid 2029741 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Meterpreter)
sid 2029742 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (OneDrive)
sid 2029743 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Adobe RTMP)
sid 2029744 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Custom)
sid 2029977 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Custom)
sid 2029978 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) POST
sid 2030344 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Safebrowse Profile) GET
sid 2030347 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (QiHoo Profile)
sid 2032746 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (MSDN Query Profile)
sid 2032747 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 Webbug Profile
sid 2032748 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 Amazon Profile
sid 2032749 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 OCSP Profile
sid 2032750 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (jquery Profile)
sid 2032751 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Microsoft Update GET)
sid 2032752 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (TrevorForget Profile)
sid 2032754 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Wordpress Profile)
sid 2032755 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
sid 2032756 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
sid 2032757 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
sid 2032953 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
sid 2032956 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (Unknown Profile)
sid 2032957 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 Profile (btn_bg)
sid 2032964 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 Profile (__session__id Cookie)
sid 2032965 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 Profile (bg)
sid 2032966 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M1
sid 2032975 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 Profile (Teams) M2
sid 2032976 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M3
sid 2033008 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response
sid 2033009 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike C2 Profile (news_indexedimages)
sid 2033065 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Malleable C2 (WooCommerce Profile)
sid 2033141 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Beacon Activity (GET)
sid 2033142 format suricata
et-open command-and-control
ET MALWARE Cobalt Strike Beacon Activity (Wordpress Profile)
sid 2033143 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Beacon Activity (GET)
sid 2033145 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Malleable C2 Profile (extension.css)
sid 2033148 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Malleable C2 Profile wordpress_ Cookie Test
sid 2033158 format suricata
et-open trojan-activity
ET MALWARE Cobalt Strike Beacon Activity (GET)
sid 2033384 format suricata
et-open domain-c2
ET MALWARE Observed CobaltStrike CnC Domain (krinsop .com in TLS SNI)
sid 2033392 format suricata
et-open domain-c2
ET MALWARE Observed CobaltStrike CnC Domain (charity-wallet .com in TLS SNI)
sid 2033393 format suricata
et-open domain-c2
ET MALWARE Observed CobaltStrike CnC Domain (gmbfrom .com in TLS SNI)
sid 2033394 format suricata
et-open bad-unknown
ET JA3 Hash - Possible Cobalt Strike Server
sid 2033395 format suricata
et-open bad-unknown
ET JA3 Hash - Possible Cobalt Strike Server
sid 2033396 format suricata
Showing 1-50 of 102
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin