Home/Network IDS rules
IDS / IPS

Network IDS rules

27 rules · linked to T1036 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

27 shown of 27
et-open unknown
ET HUNTING Double Extension ZIP File Downloaded from Discord (Request)
sid 2035027 format suricata
et-open unknown
ET HUNTING Double Extension VBS File Downloaded from Discord (Request)
sid 2035028 format suricata
et-open unknown
ET HUNTING Double Extension PIF File Downloaded from Discord (Request)
sid 2035029 format suricata
et-open unknown
ET HUNTING Double Extension EXE File Downloaded from Discord (Request)
sid 2035030 format suricata
et-open social-engineering
ET HUNTING Redirect to stockx.com
sid 2056144 format suricata
et-open unknown
ET HUNTING Empty Location Header from CloudFlare Server 2024-12-05
sid 2058074 format suricata
et-open bad-unknown
ET HUNTING ConnectWise ScreenConnect Revoked Code Signing Certificate M1
sid 2063279 format suricata
et-open bad-unknown
ET HUNTING ConnectWise ScreenConnect Revoked Code Signing Certificate M2
sid 2063280 format suricata
et-open misc-activity
ET INFO QR Generator Domain in DNS Lookup (qr-generator .ai)
sid 2066637 format suricata
et-open misc-activity
ET INFO QR Generator Domain in DNS Lookup (qr .pro)
sid 2066638 format suricata
et-open misc-activity
ET INFO QR Generator Domain in DNS Lookup (online-qr-generator .com)
sid 2066639 format suricata
et-open misc-activity
ET INFO QR Generator Domain in DNS Lookup (scan .page)
sid 2066640 format suricata
et-open misc-activity
ET INFO QR Generator Domain in DNS Lookup (view .page)
sid 2066641 format suricata
et-open misc-activity
ET INFO QR Generator Domain in DNS Lookup (scanned .page)
sid 2066642 format suricata
et-open misc-activity
ET INFO QR Generator Domain in DNS Lookup (qr-code .io)
sid 2066643 format suricata
et-open misc-activity
ET INFO QR Generator Domain in DNS Lookup (qr-code .click)
sid 2066644 format suricata
et-open misc-activity
ET INFO Observed QR Generator Domain (qr-generator .ai in TLS SNI)
sid 2066645 format suricata
et-open misc-activity
ET INFO Observed QR Generator Domain (qr .pro in TLS SNI)
sid 2066646 format suricata
et-open misc-activity
ET INFO Observed QR Generator Domain (online-qr-generator .com in TLS SNI)
sid 2066647 format suricata
et-open misc-activity
ET INFO Observed QR Generator Domain (scan .page in TLS SNI)
sid 2066648 format suricata
et-open misc-activity
ET INFO Observed QR Generator Domain (view .page in TLS SNI)
sid 2066649 format suricata
et-open misc-activity
ET INFO Observed QR Generator Domain (scanned .page in TLS SNI)
sid 2066650 format suricata
et-open misc-activity
ET INFO Observed QR Generator Domain (qr-code .io in TLS SNI)
sid 2066651 format suricata
et-open misc-activity
ET INFO Observed QR Generator Domain (qr-code .click in TLS SNI)
sid 2066652 format suricata
et-open trojan-activity
ET HUNTING SupaServ Legitimate Traffic Impersonation
sid 2068051 format suricata
et-open trojan-activity
ET HUNTING LuminousStealer Legitimate Traffic Impersonation
sid 2068052 format suricata
et-open misc-activity
ET INFO Traffic Flooding To Evade Detection (mercadolibre .com)
sid 2068812 format suricata
Showing 1-27 of 27
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin