Home/Network IDS rules
IDS / IPS

Network IDS rules

89 rules · linked to T1005 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 89
et-open pup-activity
ET ADWARE_PUP Xpire.info Spyware Install Reporting
sid 2001472 format suricata
et-open pup-activity
ET ADWARE_PUP Searchmeup Spyware Install (prog)
sid 2001474 format suricata
et-open pup-activity
ET ADWARE_PUP Searchmeup Spyware Install (systime)
sid 2001480 format suricata
et-open pup-activity
ET ADWARE_PUP Searchmeup Spyware Install (mstask)
sid 2001483 format suricata
et-open pup-activity
ET ADWARE_PUP Searchmiracle.com Spyware Installer silent.exe Download
sid 2001533 format suricata
et-open pup-activity
ET ADWARE_PUP Searchmiracle.com Spyware Install (silent_install)
sid 2001534 format suricata
et-open pup-activity
ET ADWARE_PUP Searchmiracle.com Spyware Install (protector.exe)
sid 2001535 format suricata
et-open pup-activity
ET ADWARE_PUP Context Plus Spyware Install
sid 2001704 format suricata
et-open pup-activity
ET ADWARE_PUP yupsearch.com Spyware Install - protector.exe
sid 2002092 format suricata
et-open pup-activity
ET ADWARE_PUP yupsearch.com Spyware Install - sideb.exe
sid 2002098 format suricata
et-open pup-activity
ET ADWARE_PUP Zenotecnico Spyware Install Report
sid 2002737 format suricata
et-open pup-activity
ET ADWARE_PUP Best-targeted-traffic.com Spyware Install
sid 2003210 format suricata
et-open pup-activity
ET ADWARE_PUP Morpheus Spyware Install User-Agent (SmartInstaller)
sid 2003398 format suricata
et-open pup-activity
ET ADWARE_PUP clickspring.com Spyware Install User-Agent (CS Fingerprint Module)
sid 2003425 format suricata
et-open pup-activity
ET ADWARE_PUP Surfaccuracy.com Spyware Install User-Agent (SF Installer)
sid 2003428 format suricata
et-open pup-activity
ET ADWARE_PUP Dropspam.com Spyware Install User-Agent (DSInstall)
sid 2003439 format suricata
et-open pup-activity
ET ADWARE_PUP Deskwizz.com Spyware Install INI Download
sid 2003445 format suricata
et-open bad-unknown
ET ADWARE_PUP Socelars Related Domain in DNS Lookup
sid 2033607 format suricata
et-open trojan-activity
ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)
sid 2046045 format suricata
et-open trojan-activity
ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)
sid 2046056 format suricata
et-open trojan-activity
ET MALWARE Redline Stealer/MetaStealer Family TCP CnC Activity - MSValue (Outbound)
sid 2046105 format suricata
et-open trojan-activity
ET MALWARE Redline Stealer/MetaStealer Family TCP CnC Activity - MSValue (Response)
sid 2046106 format suricata
et-open trojan-activity
ET MALWARE [ANY.RUN] RisePro TCP (Token)
sid 2046266 format suricata
et-open trojan-activity
ET MALWARE [ANY.RUN] RisePro TCP (External IP)
sid 2046267 format suricata
et-open trojan-activity
ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Get_settings)
sid 2046268 format suricata
et-open trojan-activity
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
sid 2046269 format suricata
et-open trojan-activity
ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)
sid 2046270 format suricata
et-open trojan-activity
ET MALWARE RisePro TCP Heartbeat Packet
sid 2049060 format suricata
et-open trojan-activity
ET RETIRED Win32/Fewin Stealer Data Exfiltration Attempt
sid 2049140 format suricata
et-open trojan-activity
ET MALWARE RisePro CnC Activity (Outbound)
sid 2049660 format suricata
et-open trojan-activity
ET MALWARE RisePro CnC Activity (Inbound)
sid 2049661 format suricata
et-open trojan-activity
ET MALWARE Lumma Stealer Related Activity
sid 2049836 format suricata
et-open trojan-activity
ET MALWARE Generic Stealer Checkin
sid 2049864 format suricata
et-open trojan-activity
ET MALWARE Observed Lumma Stealer Related Domain in TLS SNI (referralpublicationjk .pw)
sid 2049915 format suricata
et-open trojan-activity
ET MALWARE Lumma Stealer Related Domain in DNS Lookup (referralpublicationjk .pw)
sid 2049916 format suricata
et-open trojan-activity
ET MALWARE Jupyter Stealer CnC Checkin M2
sid 2050051 format suricata
et-open trojan-activity
ET MALWARE Win32/ObserverStealer CnC Activity M2 (Check-in)
sid 2051447 format suricata
et-open trojan-activity
ET MALWARE Win32/ObserverStealer CnC Activity M2 (System Information)
sid 2051448 format suricata
et-open trojan-activity
ET MALWARE Win32/ObserverStealer CnC Activity M2 (Screenshot)
sid 2051449 format suricata
et-open trojan-activity
ET MALWARE Win32/ObserverStealer Sending Browser Related Information (Google)
sid 2051450 format suricata
et-open trojan-activity
ET MALWARE Win32/ObserverStealer Sending Browser Related Information (Firefox)
sid 2051451 format suricata
et-open trojan-activity
ET MALWARE Win32/ObserverStealer Sending System Related Information (Thunderbird)
sid 2051452 format suricata
et-open trojan-activity
ET MALWARE Win32/ObserverStealer Sending System Related Information
sid 2051453 format suricata
et-open trojan-activity
ET MALWARE Win32/ObserverStealer Related Activity (POST)
sid 2051454 format suricata
et-open attempted-recon
ET WEB_SPECIFIC_APPS CrushFTP working_dir Template Injection Attempt (CVE-2024-4040)
sid 2052277 format suricata
et-open trojan-activity
ET MALWARE Filch Stealer CnC Checkin
sid 2064802 format suricata
et-open domain-c2
ET MALWARE Filch Stealer CnC Domain in DNS Lookup (cmb8k1nbj000008l1api07o0n .info)
sid 2064803 format suricata
et-open domain-c2
ET MALWARE Observed Filch Stealer Domain (cmb8k1nbj000008l1api07o0n .info) in TLS SNI
sid 2064804 format suricata
et-open trojan-activity
ET MALWARE Nimbus Manticore Minibrowse Backdoor CnC Checkin
sid 2064965 format suricata
et-open trojan-activity
ET MALWARE Nimbus Manticore Minibrowse Data Exfiltration Attempt
sid 2064968 format suricata
Showing 1-50 of 89
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin