Home/Network IDS rules
IDS / IPS

Network IDS rules

12 rules · linked to T1095 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

12 shown of 12
et-open command-and-control
ET MALWARE VenomRAT CnC Server Keepalive
sid 2055754 format suricata
et-open command-and-control
ET MALWARE GorillaBot CnC Server Probe
sid 2062886 format suricata
et-open command-and-control
ET MALWARE GorillaBot CnC Magic-Byte Response (Bot Configuration)
sid 2062887 format suricata
et-open command-and-control
ET MALWARE GorillaBot Victim BotID Sent to CnC Server
sid 2062889 format suricata
et-open command-and-control
ET MALWARE SillyRAT CnC Command Inbound (Keylogger:On)
sid 2063513 format suricata
et-open command-and-control
ET MALWARE SillyRAT CnC Server PING Inbound
sid 2063514 format suricata
et-open command-and-control
ET MALWARE SillyRAT CnC Command Inbound (Keylogger:Dump)
sid 2063515 format suricata
et-open command-and-control
ET MALWARE SillyRAT CnC Victim Keylogger Exfil
sid 2063516 format suricata
et-open command-and-control
ET MALWARE SillyRAT CnC Command Inbound (Screenshot)
sid 2063517 format suricata
et-open command-and-control
ET MALWARE SillyRAT CnC Command Inbound (shell)
sid 2063518 format suricata
et-open command-and-control
ET MALWARE SillyRAT CnC Command Inbound (sysinfo)
sid 2063519 format suricata
et-open command-and-control
ET MALWARE ZeroTrace CnC Server Settings Inbound
sid 2066801 format suricata
Showing 1-12 of 12
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin