Network IDS rules · threatengine.sh

Home/Network IDS rules

IDS / IPS

Network IDS rules

87 rules · linked to T1587 · Snort / Suricata signatures

Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

◈

Rules

50 shown of 87

et-open domain-c2

ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Downloader CnC)

sid 2022100 format suricata

et-open domain-c2

ET MALWARE Malicious SSL certificate detected (Possible Sinkhole)

sid 2022323 format suricata

et-open domain-c2

ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Malware C2)

sid 2022919 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (OilRig QUADAGENT CnC)

sid 2025892 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Exfil Domain)

sid 2026110 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 3 Staging Domain)

sid 2026592 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)

sid 2026594 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)

sid 2026595 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)

sid 2026598 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)

sid 2026602 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (POWERSTATS Proxy CnC)

sid 2026679 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (Cobalt Group/More_Eggs CnC)

sid 2026703 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (DonotGroup/Patchwork CnC)

sid 2026827 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (APT32 CnC)

sid 2026872 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 11 CnC)

sid 2026998 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)

sid 2027007 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)

sid 2027013 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)

sid 2027021 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 4 CnC)

sid 2027023 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (ReactGet Group)

sid 2027318 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MirrorThief CnC)

sid 2027342 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

sid 2027473 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart CnC)

sid 2027476 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (Ursnif CnC)

sid 2027620 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (Turla/APT34 CnC Domain)

sid 2027670 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (DonotGroup CnC)

sid 2028585 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (AZORult Cnc Server) 2019-09-27

sid 2028658 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Staging Domain)

sid 2028836 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (StrongPity CnC)

sid 2028926 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (ACBackdoor CnC)

sid 2029049 format suricata

et-open domain-c2

ET MALWARE Malicious SSL Certificate detected (PyXie)

sid 2029083 format suricata

et-open domain-c2

ET MALWARE Malicious SSL Certificate detected (PyXie)

sid 2029086 format suricata

et-open domain-c2

ET MALWARE Malicious SSL Certificate detected (PyXie)

sid 2029090 format suricata

et-open domain-c2

ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

sid 2029119 format suricata

et-open domain-c2

ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

sid 2029121 format suricata

et-open domain-c2

ET MALWARE [401TRG] Malicious SSL Cert (Dreambot CnC)

sid 2029134 format suricata

et-open domain-c2

ET MALWARE Malicious SSL Cert (Magecart)

sid 2029226 format suricata

et-open social-engineering

ET PHISHING Observed Malicious SSL Cert (Office365 Phish Landing Page 2020-01-09)

sid 2029256 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

sid 2029314 format suricata

et-open targeted-activity

ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain)

sid 2029356 format suricata

et-open targeted-activity

ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain)

sid 2029360 format suricata

et-open targeted-activity

ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain)

sid 2029361 format suricata

et-open targeted-activity

ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain)

sid 2029365 format suricata

et-open targeted-activity

ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain)

sid 2029373 format suricata

et-open targeted-activity

ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain)

sid 2029377 format suricata

et-open targeted-activity

ET WEB_CLIENT Observed Malicious SSL Cert (Charming Kitten Phishing Domain)

sid 2029378 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (BrushaLoader CnC)

sid 2029387 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)

sid 2029390 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

sid 2029503 format suricata

et-open domain-c2

ET MALWARE Observed Malicious SSL Cert (MageCart Group 12)

sid 2029505 format suricata

Showing 1-50 of 87

Prev 1 Next

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin