Network IDS rules

84 rules · linked to T1105 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire.

Rules

50 shown of 84
sid 2059745 format suricata
sid 2059759 format suricata
et-open trojan-activity
ET MALWARE ReverseLoader Style Payload Request (GET)
sid 2060033 format suricata
sid 2060672 format suricata
sid 2061149 format suricata
et-open misc-activity
ET HUNTING Powershell Script Inbound Which Downloads C++ Compiler (Used by Stagers)
sid 2061723 format suricata
sid 2061754 format suricata
sid 2061865 format suricata
sid 2061866 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Observed ClickFix Landing Page Inbound
sid 2062123 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE ClickFix Obfuscated Payload Inbound
sid 2062809 format suricata
sid 2063193 format suricata
sid 2063194 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Observed AsyncRat Installer Inbound
sid 2064060 format suricata
et-open trojan-activity
ET MALWARE KoiStealer Payload Reqeust
sid 2064143 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE KoiStealer Payload Inbound
sid 2064144 format suricata
sid 2064197 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Lumma Stealer Payload Inbound
sid 2064256 format suricata
sid 2064452 format suricata
et-open bad-unknown
ET HUNTING WebDAV Retrieving .ps1
sid 2064999 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE Braodo Loader Inbound
sid 2065035 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE ReverseLoader Base64 Encoded Executable In Image M1
sid 2065091 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE ReverseLoader Base64 Encoded Executable In Image M2
sid 2065092 format suricata
sid 2065097 format suricata
et-open trojan-activity
ET MALWARE Request To Malicious Image Hosted on Archive .org
sid 2065098 format suricata
sid 2065257 format suricata
et-open trojan-activity
ET MALWARE Amadey PowerShell Loader Inbound
sid 2065563 format suricata
et-open trojan-activity
ET MALWARE Observed VBScript Payload Downloader Inbound
sid 2065641 format suricata
et-open command-and-control
ET MALWARE Observed StealC_V2 Payload Request (GET)
sid 2066343 format suricata
et-open command-and-control
ET MALWARE Observed StealC_V2 Payload Request (GET)
sid 2066357 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Payload Request (GET)
sid 2066358 format suricata
et-open command-and-control
ET MALWARE Observed StealC_V2 Payload Request (GET)
sid 2066359 format suricata
et-open trojan-activity
ET MALWARE ZeitLoader Payload Retrieval attempt
sid 2066361 format suricata
sid 2066382 format suricata
et-open trojan-activity
ET MALWARE Executable Downloaded From Common Payload Delivery Host (GET)
sid 2066440 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Payload Request (GET)
sid 2066443 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Payload Request (GET)
sid 2066444 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Payload Request (GET)
sid 2066445 format suricata
sid 2066483 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Payload Request (GET)
sid 2066558 format suricata
et-open trojan-activity
ET MALWARE Observed StealC_V2 Payload Request (GET)
sid 2066590 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE GETA RAT Obfuscated Payload Inbound
sid 2066655 format suricata
et-open trojan-activity
ET ATTACK_RESPONSE 123Stealer Payload Inbound
sid 2066689 format suricata
et-open trojan-activity
ET MALWARE HTTP Request to Known Stealer Payload Delivery Host
sid 2066932 format suricata
et-open trojan-activity
ET MALWARE GET Request to Common Payload Delivery Source (Multiple Stealers)
sid 2067020 format suricata
et-open command-and-control
ET MALWARE BlackSanta Payload Request
sid 2067849 format suricata
et-open trojan-activity
ET MALWARE BlackSanta Payload Inbound
sid 2067850 format suricata
sid 2068058 format suricata
et-open trojan-activity
ET MALWARE DefendNot Installer Script Inbound
sid 2068059 format suricata
sid 2068142 format suricata
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin