Network IDS rules

Home/Network IDS rules

IDS / IPS

978 rules · Snort / Suricata signatures

Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. A rule name links to its upstream reference where the ruleset publishes one; rules without a public reference show as plain text.

◈

Rules

50 shown of 978

et-open targeted-activity

ET MALWARE APT1 WEBC2-UGX Related Pingbed/Downbot User-Agent (Windows+NT+5.x)

sid 2009486 format suricata

et-open targeted-activity

ET MALWARE Trojan.APT.9002 CnC Traffic

sid 2016398 format suricata

et-open targeted-activity

ET MALWARE Win32/Tosct.B UA Mandiant APT1 Related

sid 2016431 format suricata

et-open targeted-activity

ET MALWARE Win32/COOKIEBAG Cookie APT1 Related

sid 2016434 format suricata

et-open targeted-activity

ET MALWARE WEBC2-TABLE Checkin 1 - APT1 Related

sid 2016435 format suricata

et-open targeted-activity

ET MALWARE WEBC2-TABLE Checkin 2 - APT1 Related

sid 2016436 format suricata

et-open targeted-activity

ET MALWARE WEBC2-TABLE Checkin 3 - APT1 Related

sid 2016437 format suricata

et-open targeted-activity

ET MALWARE WEBC2-TABLE Checkin Response - Embedded CnC APT1 Related

sid 2016438 format suricata

et-open targeted-activity

ET MALWARE Win32/Namsoth.A Checkin/NEWSREELS APT1 Related

sid 2016439 format suricata

et-open targeted-activity

ET MALWARE WEBC2-AUSOV Checkin Response - Embedded CnC APT1 Related

sid 2016449 format suricata

et-open targeted-activity

ET MALWARE WEBC2-QBP Checkin Response 1 - Embedded CnC APT1 Related

sid 2016451 format suricata

et-open targeted-activity

ET MALWARE WEBC2-CLOVER Checkin APT1 Related

sid 2016452 format suricata

et-open targeted-activity

ET MALWARE Possible WEBC2-GREENCAT Response - Embedded CnC APT1 Related

sid 2016455 format suricata

et-open targeted-activity

ET MALWARE WEBC2-KT3 Intial Connection Beacon APT1 Related

sid 2016456 format suricata T1041 ↗

et-open targeted-activity

ET MALWARE WEBC2-KT3 Intial Connection Beacon Server Response APT1 Related

sid 2016457 format suricata T1041 ↗

et-open targeted-activity

ET MALWARE Win32/Small.XR Checkin 2 WEBC2-CSON APT1 Related

sid 2016459 format suricata

et-open targeted-activity

ET MALWARE Win32.Sluegot.A Checkin WEBC2-YAHOO APT1 Related

sid 2016461 format suricata

et-open targeted-activity

ET MALWARE Fake Virtually SSL Cert APT1

sid 2016462 format suricata

et-open targeted-activity

ET MALWARE EMAIL SSL Cert APT1

sid 2016464 format suricata

et-open targeted-activity

ET MALWARE LAME SSL Cert APT1

sid 2016465 format suricata

et-open targeted-activity

ET MALWARE NS SSL Cert APT1

sid 2016466 format suricata

et-open targeted-activity

ET MALWARE SERVER SSL Cert APT1

sid 2016467 format suricata

et-open targeted-activity

ET MALWARE SUR SSL Cert APT1

sid 2016468 format suricata

et-open targeted-activity

ET MALWARE FAKE AOL SSL Cert APT1

sid 2016469 format suricata

et-open targeted-activity

ET MALWARE FAKE YAHOO SSL Cert APT1

sid 2016470 format suricata

et-open targeted-activity

ET MALWARE WEBC2-UGX User-Agent (Windows+NT+5.x) APT1

sid 2016471 format suricata

et-open targeted-activity

ET MALWARE WEBC2-UGX Embedded CnC Response APT1

sid 2016472 format suricata

et-open targeted-activity

ET MALWARE CommentCrew UGX Backdoor initial connection

sid 2016474 format suricata

et-open targeted-activity

ET MALWARE CommentCrew downloader without user-agent string exe download without User Agent

sid 2016475 format suricata

et-open targeted-activity

ET MALWARE CommentCrew Possible APT c2 communications get system

sid 2016476 format suricata T1071 ↗

et-open targeted-activity

ET MALWARE CommentCrew Possible APT c2 communications html return 1

sid 2016477 format suricata T1071 ↗

et-open targeted-activity

ET MALWARE CommentCrew Possible APT c2 communications sleep

sid 2016478 format suricata T1071 ↗

et-open targeted-activity

ET MALWARE CommentCrew Possible APT c2 communications sleep2

sid 2016479 format suricata T1071 ↗

et-open targeted-activity

ET MALWARE CommentCrew Possible APT c2 communications sleep3

sid 2016480 format suricata T1071 ↗

et-open targeted-activity

ET MALWARE CommentCrew Possible APT c2 communications sleep5

sid 2016482 format suricata T1071 ↗

et-open targeted-activity

ET MALWARE CommentCrew Possible APT c2 communications download client.png

sid 2016483 format suricata T1071 ↗

et-open targeted-activity

ET MALWARE CommentCrew Possible APT crabdance backdoor base64 head 2

sid 2016484 format suricata

et-open targeted-activity

ET MALWARE CommentCrew Possible APT crabdance backdoor base64 head

sid 2016485 format suricata

et-open targeted-activity

ET MALWARE CommentCrew Possible APT backdoor stage 2 download base64 update.gif

sid 2016486 format suricata

et-open targeted-activity

ET MALWARE CommentCrew Possible APT backdoor download logo.png

sid 2016487 format suricata

et-open targeted-activity

ET MALWARE CommentCrew Possible APT c2 communications get command client key

sid 2016488 format suricata T1071 ↗

et-open targeted-activity

ET MALWARE W32/LetsGo.APT Sleep CnC Beacon

sid 2016568 format suricata T1041 ↗

et-open targeted-activity

ET DNS APT_NGO_wuaclt C2 Domain micorsofts.net

sid 2016569 format suricata

et-open targeted-activity

ET DNS APT_NGO_wuaclt C2 Domain micorsofts.com

sid 2016570 format suricata

et-open targeted-activity

ET DNS APT_NGO_wuaclt C2 Domain hotmal1.com

sid 2016571 format suricata

et-open targeted-activity

ET MALWARE APT_NGO_wuaclt C2 Check-in

sid 2016572 format suricata

et-open targeted-activity

ET MALWARE APT_NGO_wuaclt

sid 2016573 format suricata

et-open targeted-activity

ET MALWARE APT_NGO_wuaclt PDF file

sid 2016579 format suricata

et-open targeted-activity

ET MALWARE W32/BaneChant.APT Winword.pkg Redirect

sid 2016713 format suricata

et-open targeted-activity

ET MALWARE W32/BaneChant.APT Data Exfiltration POST to CnC

sid 2016727 format suricata

Showing 1-50 of 978

Prev 1 Next