Home/Network IDS rules
IDS / IPS

Network IDS rules

279 rules · linked to T1486 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 279
et-open command-and-control
ET MALWARE Lyposit Ransomware Checkin 1
sid 2015957 format suricata
et-open command-and-control
ET MALWARE Lyposit Ransomware Checkin 2
sid 2015958 format suricata
et-open command-and-control
ET MALWARE W32/Tobfy.Ransomware CnC Request - status.php
sid 2016186 format suricata
et-open command-and-control
ET MALWARE W32/Tobfy.Ransomware Invalid URI CnC Request
sid 2016187 format suricata
et-open command-and-control
ET MALWARE Gimemo Ransomware Checkin
sid 2016496 format suricata
et-open trojan-activity
ET MALWARE Galock Ransomware Check-in
sid 2016644 format suricata
et-open trojan-activity
ET MALWARE Galock Ransomware Command
sid 2016645 format suricata
et-open trojan-activity
ET MALWARE Revoyem Ransomware Check-in
sid 2016731 format suricata
et-open trojan-activity
ET MALWARE Revoyem Ransomware Activity
sid 2016732 format suricata
et-open trojan-activity
ET WEB_CLIENT JS Browser Based Ransomware
sid 2017165 format suricata
et-open trojan-activity
ET MALWARE CBReplay.P Ransomware
sid 2017269 format suricata
et-open command-and-control
ET MALWARE W32/DirCrypt.Ransomware CnC Checkin
sid 2017308 format suricata
et-open trojan-activity
ET MALWARE Linkup Ransomware check-in
sid 2018122 format suricata
et-open trojan-activity
ET MALWARE Win32/Teslacrypt Ransomware .onion domain (63ghdye17.com)
sid 2020839 format suricata
et-open trojan-activity
ET MALWARE Win32/Teslacrypt Ransomware .onion domain (7hwr34n18.com)
sid 2020844 format suricata
et-open trojan-activity
ET MALWARE Win32/Teslacrypt Ransomware .onion domain (wh47f2as19.com)
sid 2020869 format suricata
et-open trojan-activity
ET MALWARE Win32/Teslacrypt Ransomware .onion domain (epmhyca5ol6plmx3)
sid 2020882 format suricata
et-open trojan-activity
ET MALWARE Win32/Filecoder Ransomware Variant .onion Proxy Domain (tkj3higtqlvohs7z)
sid 2020942 format suricata
et-open trojan-activity
ET MALWARE DNS Query to TOX Ransomware onion (toxicola7qwv37qj)
sid 2021204 format suricata
et-open command-and-control
ET MALWARE BandarChor Ransomware Checkin
sid 2021685 format suricata
et-open policy-violation
ET MALWARE Possible Chimera Ransomware - Bitmessage Activity
sid 2022075 format suricata
et-open trojan-activity
ET MALWARE FAKBEN Ransomware
sid 2022283 format suricata
et-open command-and-control
ET MALWARE Win32/7ev3n Ransomware Initial Checkin
sid 2022402 format suricata
et-open command-and-control
ET MALWARE Win32/7ev3n Ransomware Process Checkin
sid 2022403 format suricata
et-open command-and-control
ET MALWARE LeChiffre Ransomware CnC
sid 2022406 format suricata
et-open trojan-activity
ET MALWARE Ransomware Locky .onion Payment Domain
sid 2022560 format suricata
et-open trojan-activity
ET MALWARE Ransomware Locky .onion Payment Domain
sid 2022589 format suricata
et-open trojan-activity
ET MALWARE Ransomware Locky .onion Payment Domain
sid 2022590 format suricata
et-open command-and-control
ET MALWARE OSX/KeRanger Ransomware CnC DNS Request 1
sid 2022598 format suricata
et-open command-and-control
ET MALWARE OSX/KeRanger Ransomware CnC DNS Request 2
sid 2022599 format suricata
et-open command-and-control
ET MALWARE OSX/KeRanger Ransomware CnC DNS Request 3
sid 2022600 format suricata
et-open command-and-control
ET MALWARE OSX/KeRanger Ransomware CnC DNS Request 4
sid 2022601 format suricata
et-open trojan-activity
ET MALWARE Possible Locky Ransomware Writing Encrypted File over - SMB and SMB-DS v1 Unicode
sid 2022637 format suricata
et-open trojan-activity
ET MALWARE Possible Locky Ransomware Writing Encrypted File over - SMB and SMB-DS v1 ASCII
sid 2022638 format suricata
et-open trojan-activity
ET MALWARE Possible Locky Ransomware Writing Encrypted File over - SMB and SMB-DS v2
sid 2022639 format suricata
et-open trojan-activity
ET MALWARE Ransomware Locky Possible Payment Page
sid 2022680 format suricata
et-open command-and-control
ET MALWARE Win32/CryptFile2 Ransomware Checkin
sid 2022683 format suricata
et-open command-and-control
ET MALWARE W32/Virus-Encoder Ransomware Checkin
sid 2022737 format suricata
et-open trojan-activity
ET MALWARE Possible CryptXXX Ransomware Renaming Encrypted File SMB v1 Unicode
sid 2022838 format suricata
et-open trojan-activity
ET MALWARE Possible CryptXXX Ransomware Renaming Encrypted File SMB v1 ASCII
sid 2022839 format suricata
et-open trojan-activity
ET MALWARE Possible CryptXXX Ransomware Renaming Encrypted File SMB v2
sid 2022840 format suricata
et-open command-and-control
ET MALWARE Criptobit/Mobef Ransomware Checkin
sid 2022845 format suricata
et-open command-and-control
ET MALWARE BandarChor/CryptON Ransomware Checkin
sid 2022875 format suricata
et-open command-and-control
ET MALWARE Win32.Crypren/Zcrypt Ransomware Checkin
sid 2022897 format suricata
et-open trojan-activity
ET MALWARE JS/RAA Ransomware check-in
sid 2022899 format suricata
et-open trojan-activity
ET MALWARE Towerweb Ransomware Landing Page
sid 2022906 format suricata
et-open trojan-activity
ET MALWARE Ransomware Locky .onion Payment Domain (mphtadhci5mrdlju)
sid 2022917 format suricata
et-open command-and-control
ET MALWARE Win32/Satana Ransomware Checkin
sid 2022929 format suricata
et-open trojan-activity
ET MALWARE Ranscam Ransomware Contact Form
sid 2022968 format suricata
et-open trojan-activity
ET MALWARE Ransomware Locky .onion Payment Domain (5n7y4yihirccftc5)
sid 2023084 format suricata
Showing 1-50 of 279
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin