Home/Network IDS rules
IDS / IPS

Network IDS rules

45 rules · linked to T1496 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

45 shown of 45
et-open pup-activity
ET ADWARE_PUP Shop at Home Select Spyware User-Agent (Bundle)
sid 2001702 format suricata
et-open pup-activity
ET ADWARE_PUP Shop at Home Select Spyware User-Agent (SAH)
sid 2001707 format suricata
et-open pup-activity
ET ADWARE_PUP Shopathomeselect .com Spyware User-Agent (WebDownloader)
sid 2002038 format suricata
et-open pup-activity
ET ADWARE_PUP Drivecleaner.com Spyware User-Agent (DriveCleaner Updater)
sid 2003486 format suricata
et-open pup-activity
ET ADWARE_PUP my247eshop .com User-Agent
sid 2008243 format suricata
et-open pup-activity
ET ADWARE_PUP ezday.co .kr Related Spyware User-Agent (Ezshop)
sid 2008594 format suricata
et-open pup-activity
ET ADWARE_PUP Adware pricepeep Adware.Shopper.297
sid 2016917 format suricata
et-open coin-mining
ET COINMINER W32/BitCoinMiner.MultiThreat Subscribe/Authorize Stratum Protocol Message
sid 2017871 format suricata
et-open coin-mining
ET COINMINER W32/BitCoinMiner.MultiThreat Stratum Protocol Mining.Notify Initial Connection Server Response
sid 2017872 format suricata
et-open coin-mining
ET COINMINER W32/BitCoinMiner.MultiThreat Stratum Protocol Mining.Notify Work Server Response
sid 2017873 format suricata
et-open coin-mining
ET COINMINER W32/BitCoinMiner.MultiThreat Getblocktemplate Protocol Server Connection
sid 2017878 format suricata
et-open coin-mining
ET COINMINER W32/BitCoinMiner.MultiThreat Getblocktemplate Protocol Server Coinbasetxn Begin Mining Response
sid 2017879 format suricata
et-open coin-mining
ET COINMINER PrimeCoinMiner.Protominer
sid 2018014 format suricata
et-open coin-mining
ET MALWARE W32/Zeus.BitcoinMiner Variant CnC Beacon
sid 2018504 format suricata
et-open coin-mining
ET COINMINER Cryptexplorer API Check - Potential CoinMiner Traffic
sid 2019825 format suricata
et-open coin-mining
ET MALWARE W32/Coinminer.Backdoor CnC Beacon
sid 2019826 format suricata
et-open coin-mining
ET MALWARE MegalodonHTTP CoinMiner Activity
sid 2022128 format suricata
et-open coin-mining
ET COINMINER Observed DNS Query to Browser Coinminer (crypto-loot[.]com)
sid 2024828 format suricata
et-open coin-mining
ET MALWARE Injected WP Keylogger/Coinminer Domain Detected (cloudflare .solutions in DNS Lookup)
sid 2025141 format suricata
et-open coin-mining
ET COINMINER CoinMiner Malicious Authline Seen After CVE-2017-10271 Exploit
sid 2025186 format suricata
et-open pup-activity
ET ADWARE_PUP WiseCleaner Installed (PUA)
sid 2025589 format suricata
et-open coin-mining
ET WEB_CLIENT Fake FlashPlayer Update Leading to CoinMiner M1 2018-10-12
sid 2026474 format suricata
et-open coin-mining
ET WEB_CLIENT Fake FlashPlayer Update Leading to CoinMiner M2 2018-10-12
sid 2026475 format suricata
et-open coin-mining
ET MALWARE ELF.Initdz.Coinminer C2 Systeminfo (D2)
sid 2027150 format suricata
et-open coin-mining
ET MALWARE Clipsa Stealer - Coinminer Download
sid 2027894 format suricata
et-open coin-mining
ET MALWARE MSIL/CoinMiner Performing System Checkin
sid 2030812 format suricata
et-open coin-mining
ET MALWARE C3Pool CoinMiner Setup Script Download
sid 2030813 format suricata
et-open pup-activity
ET ADWARE_PUP ThunderUnion Install Checkin
sid 2033896 format suricata
et-open coin-mining
ET COINMINER Observed DNS Query to herominers Domain (herominers .com)
sid 2033901 format suricata
et-open coin-mining
ET MALWARE Win32/Unk.Coinminer Checkin
sid 2033906 format suricata
et-open pup-activity
ET ADWARE_PUP Win32/MobiGame Install Stats Checkin M1
sid 2033909 format suricata
et-open pup-activity
ET ADWARE_PUP Win32/MobiGame Install Stats Checkin M2
sid 2033910 format suricata
et-open pup-activity
ET ADWARE_PUP Win32/MobiGame Install Stats Checkin M3
sid 2033911 format suricata
et-open pup-activity
ET ADWARE_PUP SecureDriverUpdater Checkin
sid 2034295 format suricata
et-open pup-activity
ET ADWARE_PUP Lantern Checkin
sid 2034314 format suricata
et-open pup-activity
ET ADWARE_PUP Win32/DownWare.V Checkin
sid 2034903 format suricata
et-open pup-activity
ET ADWARE_PUP Kuwo Music Installer Log
sid 2034907 format suricata
et-open trojan-activity
ET MALWARE MSIL/Unk.CoinMiner Downloader
sid 2035695 format suricata
et-open pup-activity
ET ADWARE_PUP DNS Query to Neoreklami Domain (testupdate .info)
sid 2045705 format suricata
et-open pup-activity
ET ADWARE_PUP DNS Query to Neoreklami Domain (133455789 .xyz)
sid 2045706 format suricata
et-open trojan-activity
ET COINMINER CoinMiner Exfiltration via IRC Config Inbound (Italian)
sid 2059794 format suricata
et-open pup-activity
ET ADWARE_PUP Onestart AI Host Profile Checkin (POST)
sid 2059955 format suricata
et-open pup-activity
ET ADWARE_PUP Onestart AI Program Version Checkin (POST)
sid 2059956 format suricata
et-open pup-activity
ET ADWARE_PUP Installer Analytics Checkin (POST)
sid 2066619 format suricata
et-open pup-activity
ET USER_AGENTS Installer Analytics User Agent (AdvinstAnalytics)
sid 2066620 format suricata
Showing 1-45 of 45
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin