Home/Network IDS rules
IDS / IPS

Network IDS rules

26 rules · linked to T1573 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

26 shown of 26
et-open command-and-control
ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin
sid 2036734 format suricata
et-open command-and-control
ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound)
sid 2036735 format suricata
et-open command-and-control
ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound)
sid 2037801 format suricata
et-open command-and-control
ET MALWARE Ave Maria/Warzone RAT Credential Exfil
sid 2037907 format suricata
et-open trojan-activity
ET MALWARE Xenorat Default C2 Server Response Inbound
sid 2058410 format suricata
et-open trojan-activity
ET MALWARE Xenorat Default Handshake Inbound
sid 2058419 format suricata
et-open trojan-activity
ET MALWARE Telemiris CnC Checkin
sid 2058964 format suricata
et-open trojan-activity
ET MALWARE ShadowROOT RAT Malicious SSL Cert Serial Observed M1
sid 2058967 format suricata
et-open trojan-activity
ET MALWARE ShadowROOT RAT Malicious SSL Cert Serial Observed M2
sid 2058968 format suricata
et-open trojan-activity
ET MALWARE ShadowROOT RAT Malicious SSL Cert Subject Observed (GGliberium44)
sid 2058993 format suricata
et-open trojan-activity
ET MALWARE ShadowROOT RAT Malicious SSL Certificate Issuer Observed (GGliberium44)
sid 2058995 format suricata
et-open command-and-control
ET MALWARE Winos4.0 Framework CnC Login Message CnC Server Response
sid 2059975 format suricata
et-open misc-activity
ET INFO Default PolarSSL/mbedTLS Certificate Issuer Observed in Certificate M1
sid 2060435 format suricata
et-open trojan-activity
ET MALWARE Observed Malicious SSL Cert Associated with PolarEdge Botnet M1
sid 2060436 format suricata
et-open trojan-activity
ET MALWARE Observed Malicious SSL Cert Associated with PolarEdge Botnet M2
sid 2060437 format suricata
et-open trojan-activity
ET MALWARE Observed Malicious SSL Cert Associated with PolarEdge Botnet M3
sid 2060438 format suricata
et-open trojan-activity
ET MALWARE Observed Malicious SSL Cert Associated with PolarEdge Botnet M4
sid 2060439 format suricata
et-open trojan-activity
ET MALWARE PolarEdge CnC Checkin
sid 2060443 format suricata
et-open misc-activity
ET INFO Discord Chat Service Domain in DNS Lookup (gateway .discord .gg)
sid 2060502 format suricata
et-open misc-activity
ET INFO Discord Chat Service Domain in DNS Lookup (discord .com)
sid 2060503 format suricata
et-open misc-activity
ET INFO Observed Discord Service Domain (gateway .discord .gg) in TLS SNI
sid 2060504 format suricata
et-open misc-activity
ET INFO Observed Discord Service Domain (discord .com) in TLS SNI
sid 2060505 format suricata
et-open trojan-activity
ET MALWARE LeakyStealer CnC Checkin
sid 2065696 format suricata
et-open trojan-activity
ET MALWARE Atemu RAT User-Agent Observed (CommandExecutor/1.0)
sid 2068884 format suricata
et-open trojan-activity
ET MALWARE Atemu RAT CnC Checkin Attempt
sid 2068885 format suricata
et-open trojan-activity
ET MALWARE Atemu RAT Tasking Request
sid 2068886 format suricata
Showing 1-26 of 26
Prev 1 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin