Network IDS rules

621 rules · linked to T1027 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire.

Rules

50 shown of 621
et-open trojan-activity
ET MALWARE Perfect Keylogger FTP Initial Install Log Upload (Null obfuscated)
sid 2008327 format suricata
et-open bad-unknown
ET HUNTING http string in hex Possible Obfuscated Exploit Redirect
sid 2012118 format suricata
et-open bad-unknown
ET WEB_CLIENT Obfuscated Javascript // ptth
sid 2012325 format suricata
et-open bad-unknown
ET WEB_CLIENT Obfuscated Javascript // ptth (escaped)
sid 2012326 format suricata
sid 2013267 format suricata
sid 2013268 format suricata
sid 2013269 format suricata
sid 2013270 format suricata
sid 2013271 format suricata
et-open shellcode-detect
ET SHELLCODE Unescape Hex Obfuscated Content
sid 2013272 format suricata
sid 2013274 format suricata
sid 2013275 format suricata
sid 2013276 format suricata
sid 2013277 format suricata
sid 2013278 format suricata
sid 2013279 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Probable Sakura exploit kit landing page with obfuscated URLs
sid 2015679 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Probable Sakura Java applet with obfuscated URL Sep 21 2012
sid 2015735 format suricata
sid 2015755 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Sakura/RedKit obfuscated URL
sid 2015858 format suricata
sid 2016132 format suricata
sid 2016134 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Probable Sakura exploit kit landing page obfuscated applet tag Mar 1 2013
sid 2016520 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Probable Sakura exploit kit landing page obfuscated applet tag Mar 28 2013
sid 2016704 format suricata
et-open exploit-kit
ET EXPLOIT_KIT RedKit applet + obfuscated URL Apr 7 2013
sid 2016734 format suricata
et-open exploit-kit
ET EXPLOIT_KIT RedKit/Sakura/CritX/SafePack/FlashPack applet + obfuscated URL Apr 10 2013
sid 2016751 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Sakura obfuscated javascript Jun 1 2013
sid 2016966 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String 1
sid 2017206 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String 2
sid 2017207 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String 3
sid 2017208 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String 4
sid 2017209 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String 5
sid 2017210 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String 6
sid 2017211 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 1
sid 2017212 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 2
sid 2017213 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 3
sid 2017214 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 4
sid 2017215 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 5
sid 2017216 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 6
sid 2017217 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String (Single Q) 7
sid 2017218 format suricata
et-open bad-unknown
ET ATTACK_RESPONSE Obfuscated Eval String 7
sid 2017219 format suricata
et-open bad-unknown
ET HUNTING Obfuscated Split String (Single Q) 1
sid 2017220 format suricata
et-open bad-unknown
ET HUNTING Obfuscated Split String (Single Q) 2
sid 2017221 format suricata
et-open bad-unknown
ET HUNTING Obfuscated Split String (Single Q) 3
sid 2017222 format suricata
et-open bad-unknown
ET HUNTING Obfuscated Split String (Single Q) 4
sid 2017223 format suricata
et-open bad-unknown
ET HUNTING Obfuscated Split String (Single Q) 5
sid 2017224 format suricata
et-open bad-unknown
ET HUNTING Obfuscated Split String (Single Q) 6
sid 2017225 format suricata
et-open bad-unknown
ET HUNTING Obfuscated Split String (Single Q) 7
sid 2017226 format suricata
et-open bad-unknown
ET HUNTING Obfuscated Split String (Single Q) 8
sid 2017227 format suricata
et-open bad-unknown
ET HUNTING Obfuscated Split String (Single Q) 9
sid 2017228 format suricata
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin