Home/Network IDS rules
IDS / IPS

Network IDS rules

926 rules · linked to T1041 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 926
et-open command-and-control
ET MALWARE FakeAV Win32/Antivirus2008 CnC Beacon
sid 2008483 format suricata
et-open trojan-activity
ET MALWARE Waledac Beacon Traffic Detected
sid 2008958 format suricata
et-open trojan-activity
ET MALWARE Likely Koobface Beaconing (getexe)
sid 2010700 format suricata
et-open command-and-control
ET MALWARE Downloader.Win32.Small CnC Beacon
sid 2011269 format suricata
et-open command-and-control
ET MALWARE Trojan.Win32.Cosmu.xet CnC Beacon
sid 2011278 format suricata
et-open command-and-control
ET RETIRED Night Dragon CnC Beacon Outbound
sid 2012303 format suricata
et-open trojan-activity
ET MOBILE_MALWARE Android Trojan MSO.PJApps checkin 2
sid 2012452 format suricata
et-open trojan-activity
ET MOBILE_MALWARE Android Trojan Fake10086 checkin 2
sid 2012455 format suricata
et-open trojan-activity
ET MOBILE_MALWARE Android.HongTouTou Checkin
sid 2013072 format suricata
et-open trojan-activity
ET MOBILE_MALWARE Android/Ozotshielder.A Checkin
sid 2013966 format suricata
et-open command-and-control
ET MALWARE Dooptroop CnC Beacon
sid 2014112 format suricata
et-open trojan-activity
ET MALWARE IP2B Trojan Communication Protocol detected
sid 2014226 format suricata
et-open command-and-control
ET RETIRED Backdoor.Win32.RShot Checkin
sid 2014268 format suricata
et-open trojan-activity
ET RETIRED W32/NSIS.TrojanDownloader Second Stage Download Instructions from Server
sid 2014312 format suricata
et-open command-and-control
ET MALWARE FakeM RAT CnC Beacon
sid 2014636 format suricata
et-open command-and-control
ET MALWARE Win32/Trojan.Agent.AXMO CnC Beacon
sid 2016014 format suricata
et-open command-and-control
ET MALWARE W32.Daws/Sanny CnC Initial Beacon
sid 2016050 format suricata
et-open command-and-control
ET MALWARE W32/Downloader.FakeFlashPlayer Status.Php CnC Beacon
sid 2016125 format suricata
et-open command-and-control
ET MALWARE Sakula/Mivast RAT CnC Beacon 1
sid 2016139 format suricata
et-open command-and-control
ET MALWARE W32/Zemra.DDoS.Bot Variant CnC Beacon
sid 2016205 format suricata
et-open command-and-control
ET MALWARE W32/Iyus.H Initial CnC Beacon
sid 2016206 format suricata
et-open command-and-control
ET MALWARE W32/Bilakip.A Downloader API Ping CnC Beacon
sid 2016273 format suricata
et-open command-and-control
ET MALWARE W32/DownloaderAgent.fajk Successful Infection CnC Beacon
sid 2016312 format suricata
et-open command-and-control
ET MALWARE Linux/SSHDoor.A Reporting Backdoor CnC Beacon
sid 2016314 format suricata
et-open command-and-control
ET MALWARE W32/Jabberbot.A Trednet XMPP CnC Beacon
sid 2016331 format suricata
et-open command-and-control
ET MALWARE W32/Beebus HTTP POST CnC Beacon
sid 2016342 format suricata
et-open command-and-control
ET MALWARE W32/ServStart.Variant CnC Beacon
sid 2016355 format suricata
et-open command-and-control
ET MALWARE W32/FloatingCloud.Banker CnC Beacon
sid 2016399 format suricata
et-open targeted-activity
ET MALWARE WEBC2-KT3 Intial Connection Beacon APT1 Related
sid 2016456 format suricata
et-open targeted-activity
ET MALWARE WEBC2-KT3 Intial Connection Beacon Server Response APT1 Related
sid 2016457 format suricata
et-open command-and-control
ET MOBILE_MALWARE Android/Smsilence.A Sending SMS Messages CnC Beacon
sid 2016513 format suricata
et-open command-and-control
ET MALWARE W32/Asprox php.dll.crp POST CnC Beacon
sid 2016527 format suricata
et-open command-and-control
ET MALWARE W32/Asprox CnC Beacon
sid 2016528 format suricata
et-open command-and-control
ET MALWARE W32/Asprox Passgrub POST CnC Beacon
sid 2016529 format suricata
et-open command-and-control
ET MALWARE W32/TrojanSpy.MSIL Fetch Time CnC Beacon
sid 2016533 format suricata
et-open command-and-control
ET MALWARE W32/TrojanSpy.MSIL Get New MAC CnC Beacon
sid 2016534 format suricata
et-open command-and-control
ET MALWARE W32/TrojanSpy.MSIL Set Done Day CnC Beacon
sid 2016535 format suricata
et-open command-and-control
ET MALWARE W32/TrojanSpy.MSIL Fetch Header CnC Beacon
sid 2016536 format suricata
et-open pup-activity
ET ADWARE_PUP W32/Eorezo.Adware CnC Beacon
sid 2016546 format suricata
et-open command-and-control
ET MALWARE W32/Trustezeb.C CnC Beacon
sid 2016552 format suricata
et-open targeted-activity
ET MALWARE W32/LetsGo.APT Sleep CnC Beacon
sid 2016568 format suricata
et-open command-and-control
ET MALWARE W32/GameThief Initial CnC Beacon
sid 2016637 format suricata
et-open command-and-control
ET MALWARE W32/Depyot.Downloader CnC Beacon
sid 2016638 format suricata
et-open trojan-activity
ET MALWARE [CrowdStrike] ANCHOR PANDA - Adobe Gh0st Beacon
sid 2016656 format suricata
et-open trojan-activity
ET MALWARE [CrowdStrike] ANCHOR PANDA Torn RAT Beacon Message Header Local
sid 2016659 format suricata
et-open trojan-activity
ET MALWARE [CrowdStrike] ANCHOR PANDA Torn RAT Beacon Message
sid 2016660 format suricata
et-open targeted-activity
ET MALWARE W32/BaneChant.APT Initial CnC Beacon
sid 2016728 format suricata
et-open command-and-control
ET MALWARE W32/Briba CnC POST Beacon
sid 2016911 format suricata
et-open command-and-control
ET MALWARE W32/Symmi Remote File Injector Initial CnC Beacon
sid 2016967 format suricata
et-open command-and-control
ET WORM W32/Njw0rm CnC Beacon
sid 2017404 format suricata
Showing 1-50 of 926
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin