Home/Network IDS rules
IDS / IPS

Network IDS rules

1,487 rules · linked to T1189 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 1,487
et-open attempted-user
ET WEB_CLIENT Internet Explorer execCommand function Use after free Vulnerability 0day Metasploit 2
sid 2020099 format suricata
et-open attempted-user
ET WEB_CLIENT Adobe Acrobat PDF Reader use after free JavaScript engine (CVE-2017-16393)
sid 2025091 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Observed TOAD Domain (eshopper .top in TLS SNI)
sid 2048145 format suricata
et-open exploit-kit
ET EXPLOIT_KIT DNS Query to TOAD Domain (300005 .ru)
sid 2048559 format suricata
et-open exploit-kit
ET EXPLOIT_KIT DNS Query to TOAD Domain (helpset123 .site)
sid 2048560 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Observed TOAD Domain (300005 .ru in TLS SNI)
sid 2048561 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Observed TOAD Domain (helpset123 .site in TLS SNI)
sid 2048562 format suricata
et-open exploit-kit
ET EXPLOIT_KIT DNS Query to TOAD Domain (catreenpr .is)
sid 2048796 format suricata
et-open exploit-kit
ET EXPLOIT_KIT DNS Query to TOAD Domain (desktool .buzz)
sid 2050493 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Observed TOAD Domain (desktool .buzz in TLS SNI)
sid 2050494 format suricata
et-open exploit-kit
ET EXPLOIT_KIT DNS Query to TOAD Domain (mvhelp .cc)
sid 2050495 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Observed TOAD Domain (mvhelp .cc in TLS SNI)
sid 2050496 format suricata
et-open attempted-user
ET WEB_CLIENT Suspected BeEF Related JS Activity (evercookie)
sid 2052504 format suricata
et-open attempted-user
ET WEB_CLIENT Suspected BeEF Related JS Activity (css history)
sid 2052505 format suricata
et-open attempted-user
ET WEB_CLIENT Suspected BeEF Related JS Activity M1
sid 2052506 format suricata
et-open attempted-user
ET WEB_CLIENT Suspected BeEF Related JS Activity M2
sid 2052507 format suricata
et-open attempted-user
ET WEB_CLIENT BeEF Related JS Activity M3
sid 2052508 format suricata
et-open attempted-user
ET WEB_CLIENT BeEF Related JS Activity M4
sid 2052509 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (jswebcloud .com)
sid 2054515 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (jswebcloud .com)
sid 2054516 format suricata
et-open domain-c2
ET MALWARE SocGholish Domain in DNS Lookup (books .friendsofthefolsomlibrary .org)
sid 2054705 format suricata
et-open domain-c2
ET MALWARE SocGholish Domain in TLS SNI (books .friendsofthefolsomlibrary .org)
sid 2054706 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Malicious TA2726 TDS Domain in DNS Lookup (packedbrick .com)
sid 2054718 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Malicious TDS Domain Domain in TLS SNI (packedbrick .com)
sid 2054719 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Parrot TDS Domain in DNS Lookup (load .webdatahoster .com)
sid 2055659 format suricata
et-open exploit-kit
ET EXPLOIT_KIT Parrot TDS Domain in TLS SNI (load .webdatahoster .com)
sid 2055660 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (codecarawan .com)
sid 2055773 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (codecarawan .com)
sid 2055774 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (radlantroots .com)
sid 2055814 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (radlantroots .com)
sid 2055815 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (marketiqhub .com)
sid 2055820 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (marketiqhub .com)
sid 2055821 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (marketsoilmart .com)
sid 2055828 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (marketsoilmart .com)
sid 2055829 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (desynlabtech .com)
sid 2055832 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (desynlabtech .com)
sid 2055833 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (sellwisehub .com)
sid 2055897 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (sellwisehub .com)
sid 2055898 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (trendpronet .com)
sid 2055980 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (trendpronet .com)
sid 2055981 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (bytesbazar .com)
sid 2056002 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (bytesbazar .com)
sid 2056003 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (chartzend .com)
sid 2056490 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (artickon .shop)
sid 2056677 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (artickon .shop)
sid 2056678 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (selllify .shop)
sid 2056679 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS SNI (selllify .shop)
sid 2056680 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (getstylify .com)
sid 2057182 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in TLS Lookup (getstylify .com)
sid 2057183 format suricata
et-open exploit-kit
ET EXPLOIT_KIT CC Skimmer Domain in DNS Lookup (happyllfe .online)
sid 2057184 format suricata
Showing 1-50 of 1,487
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin