Home/Detection rules/Suricata / ET-open
Tool
Network IDS

Suricata / ET-open

3,578 rules · network intrusion-detection signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.
Class All trojan-activitydomain-c2bad-unknownweb-application-attackmisc-activitycommand-and-controlattempted-adminexploit-kitsocial-engineeringcredential-theftattempted-usertargeted-activityattempted-reconpup-activity

Rules

50 shown of 3,578
et-open command-and-control
ET MALWARE Tibs Checkin
sid 2002959 format suricata
et-open command-and-control
ET MALWARE Win32.Lager Trojan Initial Checkin
sid 2003187 format suricata
et-open command-and-control
ET MALWARE W32.Downloader Tibs.jy Reporting to C&C (2)
sid 2003239 format suricata
et-open command-and-control
ET MALWARE Bandook v1.35 Initial Connection and Report
sid 2003555 format suricata
et-open command-and-control
ET MALWARE Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin
sid 2003646 format suricata
et-open command-and-control
ET MALWARE Dialer-715 Install Checkin
sid 2003650 format suricata
et-open command-and-control
ET MALWARE Bot Backdoor Checkin/registration Request
sid 2006366 format suricata
et-open command-and-control
ET MALWARE General Downloader Checkin URL (GUID+)
sid 2007577 format suricata
et-open command-and-control
ET MALWARE Hupigon URL Infection Checkin Detected
sid 2007592 format suricata
et-open command-and-control
ET MALWARE Blackenergy Bot Checkin to C&C
sid 2007668 format suricata
et-open command-and-control
ET MALWARE Nebuler/Dialer.qn HTTP Request - Checkin
sid 2007743 format suricata
et-open command-and-control
ET MALWARE Lop.gfr/Swizzor HTTP Update/Checkin
sid 2007774 format suricata
et-open command-and-control
ET MALWARE Densmail.com Related Trojan Checkin
sid 2007822 format suricata
et-open command-and-control
ET MALWARE Illusion Bot (Lussilon) Checkin
sid 2007829 format suricata
et-open command-and-control
ET MALWARE Downloader General Bot Checking In via HTTP Post (bot_id push)
sid 2007831 format suricata
et-open command-and-control
ET MALWARE Theoreon.com Related Trojan Checkin
sid 2007832 format suricata
et-open command-and-control
ET MALWARE Downloader General Bot Checking In - Possible Win32.Small.htz related
sid 2007836 format suricata
et-open command-and-control
ET MALWARE Bzub2 Related RPC/Http Checkin
sid 2007843 format suricata
et-open command-and-control
ET MALWARE LDPinch Checkin (3)
sid 2007862 format suricata
et-open command-and-control
ET MALWARE Banload HTTP Checkin
sid 2007863 format suricata
et-open command-and-control
ET MALWARE Dialer.MC(vf) HTTP Request - Checkin
sid 2007913 format suricata
et-open command-and-control
ET MALWARE Backdoor.Win32.VB.brg C&C Checkin
sid 2007922 format suricata
et-open command-and-control
ET MALWARE Banker Trojan (General) HTTP Checkin (vit)
sid 2007999 format suricata
et-open command-and-control
ET MALWARE Win32.Agent.cyt (Or variant) HTTP POST Checkin
sid 2008003 format suricata
et-open command-and-control
ET MALWARE Turkojan C&C Initial Checkin (ams)
sid 2008021 format suricata
et-open command-and-control
ET MALWARE Turkojan C&C Info Command (MINFO)
sid 2008022 format suricata
et-open command-and-control
ET MALWARE Turkojan C&C Info Command Response (MINFO)
sid 2008023 format suricata
et-open command-and-control
ET MALWARE Turkojan C&C Logs Parse Command (LOGS1)
sid 2008024 format suricata
et-open command-and-control
ET MALWARE Turkojan C&C Keepalive (BAGLANTI)
sid 2008026 format suricata
et-open command-and-control
ET MALWARE Turkojan C&C Browse Drive Command (BROWSC)
sid 2008027 format suricata
et-open command-and-control
ET MALWARE Turkojan C&C nxt Command (nxt)
sid 2008029 format suricata
et-open command-and-control
ET MALWARE Delf Checkin via HTTP (5)
sid 2008044 format suricata
et-open command-and-control
ET MALWARE Yahoo550.com Related Downloader/Trojan Checkin
sid 2008049 format suricata
et-open command-and-control
ET MALWARE Daemonize.ft HTTP Checkin
sid 2008086 format suricata
et-open command-and-control
ET MALWARE Win32/FakeXPA Checkin URL
sid 2008152 format suricata
et-open command-and-control
ET MALWARE Win32 Cloaker Related Post Infection Checkin
sid 2008185 format suricata
et-open command-and-control
ET MALWARE SpamTool.Win32.Agent.gy/Grum/Tedroo Or Similar HTTP Checkin
sid 2008189 format suricata
et-open command-and-control
ET MALWARE Generic Spambot (often Tibs) Post-Infection Checkin (justcount.net likely)
sid 2008232 format suricata
et-open command-and-control
ET MALWARE Common Downloader Install Report URL (farfly checkin)
sid 2008233 format suricata
et-open command-and-control
ET MALWARE Knockbot Proxy Checkin
sid 2008249 format suricata
et-open command-and-control
ET MALWARE Banload HTTP Checkin Detected (envia.php)
sid 2008256 format suricata
et-open command-and-control
ET MALWARE DMSpammer HTTP Post Checkin
sid 2008271 format suricata
et-open command-and-control
ET MALWARE Hitpop.AG/Pophot.az HTTP Checkin
sid 2008317 format suricata
et-open command-and-control
ET MALWARE Win32.Small.AB or related Post-infection checkin
sid 2008321 format suricata
et-open command-and-control
ET MALWARE FraudLoad.aww HTTP CnC Post
sid 2008322 format suricata
et-open command-and-control
ET MALWARE xpsecuritycenter.com Fake AntiVirus GET-Install Checkin
sid 2008329 format suricata
et-open command-and-control
ET MALWARE Lop.gfr/Swizzor HTTP Update/Checkin (usually host-domain-lookup.com related)
sid 2008333 format suricata
et-open command-and-control
ET MALWARE KLog Nick Keylogger Checkin
sid 2008338 format suricata
et-open command-and-control
ET MALWARE Lost Door Checkin
sid 2008340 format suricata
et-open command-and-control
ET MALWARE Playtech Downloader Online Gaming Checkin
sid 2008365 format suricata
Showing 1-50 of 3,578
Prev 1 Next
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Ransomware groups
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh